PSA's
Latest Cybersecurity Briefs
The Holy Week is a period marked by reduced business operations, increased travel activities, and greater online activity. This presents opportunities for cybercriminals to exploit the more relaxed security measures of individuals and their increased online activities. PSA advises clients to remain vigilant and take proactive steps to protect their digital security during the upcoming …
On March 20, 2025, the Presidential Communications Office (PCO) and the Cybercrime Investigation and Coordination Center (CICC) formally announced the creation of the National Deepfake Task Force. The task force will be working in collaboration with the Department of Information and Communications Technology (DICT), National Bureau of Investigation (NBI), and other government offices. In addition, …
The Cybercrime Investigation and Coordinating Center (CICC) has recorded a total of 3,251 cybercrime complaints in the first quarter of 2025, indicating a 72 percent increase compared to the previous quarter (1,891) in 2024. The CICC has since attributed the recorded increase in complaints to the growing public awareness of cybercrime and the willingness to …
Department of Information and Communications Technology (DICT) Secretary Henry R. Aguda has called for the “unqualified courtesy resignation” of all incumbent undersecretaries, assistant secretaries, and directors in the department, effective until April 4, 2025, as stated in a memorandum issued on March 31, 2025. The memorandum explains that the call for the ‘courtesy resignation’ is made …
The Cybercrime Investigation and Coordinating Center (CICC) has recorded a total of 3,251 cybercrime complaints in the first quarter of 2025, indicating a 72 percent increase compared to the previous quarter (1,891) in 2024. The CICC has since attributed the recorded increase in complaints to the growing public awareness of cybercrime and the willingness to …
Former workers of Philippine Offshore Gaming Operator (POGO) are allegedly attempting to reclaim illegal devices from their former workplace, following the government’s crackdown on illegal scam hubs posing as POGO operations. According to the Philippine National Police-Anti Cybercrime Group (PNP-ACG), these devices include International Mobile Subscriber Identity (IMSI) catchers or text blasters, which are used …
April 3, 2025
Philippine business tycoons Ramon Ang and Enrique Razon Jr. have alerted the public about the surge of deepfake videos and fraudulent online investment scams that falsely use their image to deceive victims into fraudulent financial transactions. As these scams become more prevalent and sophisticated, there is an urgent need for enhanced detection technology, security measures, …
April 3, 2025
Read the full report here.Philippines and South East AsiaPhilippine Presidential Communications Office responding to fake news and misinformation Chinese threat actor hidden inside another Asian telecommunication network for four years Malaysia refuses to pay $10USD million ransom related to airport outagesCybersecurity Threat LandscapeOracle cloud compute data breach confirmed Threat actor claims breach of Check Point …
The Holy Week is a period marked by reduced business operations, increased travel activities, and greater online activity. This presents opportunities for cybercriminals to exploit the more relaxed security measures of individuals and their increased online activities. PSA advises clients to remain vigilant and take proactive steps to protect their digital security during the upcoming …
On March 20, 2025, the Presidential Communications Office (PCO) and the Cybercrime Investigation and Coordination Center (CICC) formally announced the creation of the National Deepfake Task Force. The task force will be working in collaboration with the Department of Information and Communications Technology (DICT), National Bureau of Investigation (NBI), and other government offices. In addition, …
The Cybercrime Investigation and Coordinating Center (CICC) has recorded a total of 3,251 cybercrime complaints in the first quarter of 2025, indicating a 72 percent increase compared to the previous quarter (1,891) in 2024. The CICC has since attributed the recorded increase in complaints to the growing public awareness of cybercrime and the willingness to …
Department of Information and Communications Technology (DICT) Secretary Henry R. Aguda has called for the “unqualified courtesy resignation” of all incumbent undersecretaries, assistant secretaries, and directors in the department, effective until April 4, 2025, as stated in a memorandum issued on March 31, 2025. The memorandum explains that the call for the ‘courtesy resignation’ is made …
The Cybercrime Investigation and Coordinating Center (CICC) has recorded a total of 3,251 cybercrime complaints in the first quarter of 2025, indicating a 72 percent increase compared to the previous quarter (1,891) in 2024. The CICC has since attributed the recorded increase in complaints to the growing public awareness of cybercrime and the willingness to …
Former workers of Philippine Offshore Gaming Operator (POGO) are allegedly attempting to reclaim illegal devices from their former workplace, following the government’s crackdown on illegal scam hubs posing as POGO operations. According to the Philippine National Police-Anti Cybercrime Group (PNP-ACG), these devices include International Mobile Subscriber Identity (IMSI) catchers or text blasters, which are used …
April 3, 2025
Philippine business tycoons Ramon Ang and Enrique Razon Jr. have alerted the public about the surge of deepfake videos and fraudulent online investment scams that falsely use their image to deceive victims into fraudulent financial transactions. As these scams become more prevalent and sophisticated, there is an urgent need for enhanced detection technology, security measures, …
April 3, 2025
Read the full report here.Philippines and South East AsiaPhilippine Presidential Communications Office responding to fake news and misinformation Chinese threat actor hidden inside another Asian telecommunication network for four years Malaysia refuses to pay $10USD million ransom related to airport outagesCybersecurity Threat LandscapeOracle cloud compute data breach confirmed Threat actor claims breach of Check Point …
Latest CyberSecurity.PH Reports
Read the full report here.Cybersecurity Threat LandscapeMultiple APT groups using Windows shortcut exploit with no Microsoft fix available Compromised GitHub Action leads to further GitHub Action compromises Authentic looking Adobe OAuth and DocuSign OAuth targeting Microsoft 365 accountsCybersecurity Vulnerabilities Apache Tomcat remote code execution (CVSS 9.8) PHP remote code execution vulnerability exploited in new attacks …
Read the full report here.Philippines and South East AsiaPhilippine Army confirms hack by threat-actor Exodus Security Chinese Lotus Panda threat-group targeting APAC organizations with Sagerunex variants Threat actors impersonating Taiwan Taxation authority to deploy malware Solo hacker responsible for 90x high-profile data leaks arrested in ThailandCybersecurity Threat LandscapeFBI confirms Lazarus threat-group responsible for $1.5B Bybit …
Read the full report here.Philippines and South East Asia7,000 people rescued from Myanmar scam-centres Google stops malicious apps with ‘AI-Powered Threat Detection’ and continuous scanningCybersecurity Threat LandscapeThreat actors tricking users into linking devices to access Signal, WhatsApp and Telegram messages China sponsored Salt Typhoon threat actors continue to breach telecom organizations Russian threat-actors targeting MS365 …
Cybersecurity.PH recently published a report providing an in-depth analysis on the risks and vulnerabilities associated with AI technologies like DeepSeek. It explores various security concerns including browser-based tracking, user data collection, and the potential for AI model manipulation. While DeepSeek serves as the focal point, the report emphasizes that similar vulnerabilities exist across many AI …
Read the full report here.Artificial IntelligenceAI Technologies Philippines and South East AsiaChina-linked threat actor “PlushDaemon” targets victims in South East Asia with malicious VPN installers Fake wedding invites, parcel delivery notifications, and government job offers used to spread Android malware Thai police arrest woman linked to $182m romance scamCybersecurity Threat LandscapeCracked[.]io and Nulled[.]to forums seized, …
January 23, 2025
Cybersecurity.PH just released a new update! Check out the full report HERE.PhilippinesNBI clearance data claimed to be compromised Philippines arrests Chinese national for spying on critical infrastructureCybersecurity Threat LandscapeVPN credentials of 15,000 FortiGate appliances posted on dark-web forum Mustang Panda’s PlugX malware removed from 4,200 computers in the US Phishing-as-a-service “Sneaky 2FA” targeting MS365 accounts …
January 9, 2025
Read the full report HERE.PhilippinesChinese cyber threat actors targeting Philippine Executive Branch, stealing military dataCybersecurity Threat LandscapeUnited States Treasury OFAC breached by Chinese threat-actors via third-party vendor 30+ Chrome plugins hacked, exposing millions of users to credential theft Tools released to abuse Windows server LDAP bug causes crashes and rebootsCybersecurity VulnerabilitiesThree critical flaws in Apache …
Read the full report here.Cybersecurity Threat LandscapeMultiple APT groups using Windows shortcut exploit with no Microsoft fix available Compromised GitHub Action leads to further GitHub Action compromises Authentic looking Adobe OAuth and DocuSign OAuth targeting Microsoft 365 accountsCybersecurity Vulnerabilities Apache Tomcat remote code execution (CVSS 9.8) PHP remote code execution vulnerability exploited in new attacks …
Read the full report here.Philippines and South East AsiaPhilippine Army confirms hack by threat-actor Exodus Security Chinese Lotus Panda threat-group targeting APAC organizations with Sagerunex variants Threat actors impersonating Taiwan Taxation authority to deploy malware Solo hacker responsible for 90x high-profile data leaks arrested in ThailandCybersecurity Threat LandscapeFBI confirms Lazarus threat-group responsible for $1.5B Bybit …
Read the full report here.Philippines and South East Asia7,000 people rescued from Myanmar scam-centres Google stops malicious apps with ‘AI-Powered Threat Detection’ and continuous scanningCybersecurity Threat LandscapeThreat actors tricking users into linking devices to access Signal, WhatsApp and Telegram messages China sponsored Salt Typhoon threat actors continue to breach telecom organizations Russian threat-actors targeting MS365 …
Cybersecurity.PH recently published a report providing an in-depth analysis on the risks and vulnerabilities associated with AI technologies like DeepSeek. It explores various security concerns including browser-based tracking, user data collection, and the potential for AI model manipulation. While DeepSeek serves as the focal point, the report emphasizes that similar vulnerabilities exist across many AI …
Read the full report here.Artificial IntelligenceAI Technologies Philippines and South East AsiaChina-linked threat actor “PlushDaemon” targets victims in South East Asia with malicious VPN installers Fake wedding invites, parcel delivery notifications, and government job offers used to spread Android malware Thai police arrest woman linked to $182m romance scamCybersecurity Threat LandscapeCracked[.]io and Nulled[.]to forums seized, …
January 23, 2025
Cybersecurity.PH just released a new update! Check out the full report HERE.PhilippinesNBI clearance data claimed to be compromised Philippines arrests Chinese national for spying on critical infrastructureCybersecurity Threat LandscapeVPN credentials of 15,000 FortiGate appliances posted on dark-web forum Mustang Panda’s PlugX malware removed from 4,200 computers in the US Phishing-as-a-service “Sneaky 2FA” targeting MS365 accounts …
January 9, 2025
Read the full report HERE.PhilippinesChinese cyber threat actors targeting Philippine Executive Branch, stealing military dataCybersecurity Threat LandscapeUnited States Treasury OFAC breached by Chinese threat-actors via third-party vendor 30+ Chrome plugins hacked, exposing millions of users to credential theft Tools released to abuse Windows server LDAP bug causes crashes and rebootsCybersecurity VulnerabilitiesThree critical flaws in Apache …
