The Philippines has taken a major step toward strengthening its national cyber defense capabilities following a landmark agreement with South Korea to establish a National Cyber Security Center (NCSC). The initiative is backed by a $25.6 million…Read more

The Department of Information and Communications Technology (DICT) confirmed persistent cyberattacks targeting Philippine government agencies, particularly those under the executive branch.

Key points:
• Attacks ongoing since 2023
• Target multiple government offices including the Office of the President
• Conducted by highly organ…Read more

Rather than…Read more

Tabletop exercises are simulated, discussion-based cybersecurity scenarios designed to test how an organization would respond to a cyber incident—without executing an actual attack.

They focus on:
• Decision-making under pressure
• Communication across teams
• Validating incident response (IR) plans

Unlike technical testing, tableto…Read more

🔍 What’s happening?
Recent incidents involve different types of malware, including:
– Trojan malware – disguises itself as legitimate software to secretly access systems
– Ransomware – locks files and demands payment to restore acces…Read more

A sanctioned cryptocurrency exchange, Grinex, has suspended operations following a $13.74 million cyberattack, which the company claims bears hallmarks of a state-sponsored operation.

Key points:
• Over 1 billion rubles (~$13.74M) stolen from user funds
• Exchange attributes attack to foreign intelligence agencies
• Incident may be linke…Read more

Summary

A weekly cybersecurity threat bulletin highlights multiple active attacks, zero-days, supply chain compromises, ransomware campaigns, and large-scale fraud operations affecting enterprises, cloud environments, browsers, and end users.

The report covers:
• Active exploitation of legacy and new vulnerabilities
• Browser-based malware cam…Read more

Security researchers have identified a large-scale malicious campaign involving 108 Chrome extensions designed to steal user data, create backdoors, and inject malicious content.

The extensions:
• Installed by over 20,000 users
• Published through multiple developer accounts
• Share the same command-and-control (C2) infra…Read more

Threat actors are abusing n8n, a popular workflow automation platform, to launch phishing campaigns that deliver malware and perform device fingerprinting.

The abuse has been observed since October 2025, with a significant spike in activity in 2026.

Key points:
• Attackers use trusted n8n cloud domains to bypass email security f…Read more

Today, I’m excited to share a free video training that breaks down the essenti…Read more

Google has introduced a Rust-based DNS parser into the modem firmware of its upcoming Pixel 10 devices to improve security and reduce memory-related vulnerabilities.

This marks a major step in adopting memory-safe programming at a deeper system level, particularly within the cellular baseband — a traditionally high-risk attack s…Read more

On April 7, 2026, a supply chain attack has been identified involving a malicious npm package named gemini-ai-checker, designed to steal credentials and sensitive data from AI development environments.

The package masqueraded as a utility for validating Google Gemini API tokens but instead deployed malware capable of credential…Read more

Start by knowing what you need to protect, like customer data and important accounts. Focus on the biggest risks first—what could hurt your business the most?

Use simple protections: strong passwords, multi…Read more

Here are the top 3 easy ways to spot threats:
1. Watch for Unusual Behavior
Look for actions that don’t feel normal:
• Logging in at odd hours
• Accessing files, they usually don’t
• Sudden large downloads…Read more

On April 7, 2026, a supply chain attack has been identified involving a malicious npm package named gemini-ai-checker, designed to steal credentials and sensitive data from AI development environments.

The package masqueraded as a utility for validating Google Gemini API tokens but instead deployed malware capable of credential…Read more

🧠 What Makes Threat Hunting Important?

Modern attacks are often stealthy. Threat hunting helps detect attackers who may already be…Read more

On April 7, 2026, a supply chain attack has been identified involving a malicious npm package named gemini-ai-checker, designed to steal credentials and sensitive data from AI development environments.

The package masqueraded as a utility for validating Google Gemini API tokens but instead deployed malware capable of credential…Read more

On April 7, 2026, a large-scale exploitation campaign targeting Next.js applications have been observed, leveraging the critical React2Shell vulnerability.

The vulnerabilities:
• CVE-2025-55182 (React2Shell)
• CVE-2025-66478 (Next.js related exposure)

The flaw allows unauthenticated remote code execution (RCE) via a crafted HTT…Read more

1. Define Your Mission and Scope
Begin by identifying what your SOC is protecting and why. Clarify business objectives, compliance…Read more

On March 30, 2026, Check Point Research (CPR) disclosed a critical vulnerability in ChatGPT’s code execution environment that allowed for silent data exfiltration.
The flaw leveraged a hidden outbound communication channel (DNS tunneling) to bypass OpenAI’s sandboxing, allowing sensitive user data including uploaded files and chat his…Read more

Why Do You Pentest Your Website?
Attacks such as SQL injection, cross-site scripting (XSS), and authentication bypass frequently target…Read more

On March 31, 2026, a critical supply chain attack has been identified involving the widely used JavaScript library axios, where malicious packages were introduced into the NPM ecosystem.

The compromise allowed attackers to deploy a remote access trojan (RAT) capable of stealing credentials and maintaining persistent access across…Read more

1. Isolate Right Away
Disconnect impacted systems from the network as soon…Read more

March 30, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog due to confirmed active exploitation.

The vulnerability added:
• CVE-2026-3055 – Citrix NetScaler Out-of-Bounds Read Vulnerability

CISA warns that this type of vul…Read more

Recently, an organization faced a phishing attack that compromised several employee accounts. Because our incident response program was aligned with NIST C…Read more

🧭 1. Understand What VAPT Is
VAPT combines:
Vulnerability Assessment → Finding weakn…Read more

1. Disconn…Read more

On March 29, 2026, the Department of Public Works and Highways (DPWH) ransomware incident has escalated following partial data leaks attributed to the Bashe Ransomware group (APT73).

The threat actor claimed to have exfiltrated approximately 50GB of data, with an initial 1.77GB sample already released and analyzed.

Initial…Read more

On March 25, 2026, Kali Linux released version 2026.1, marking the first major update of the year for the widely used penetration testing distribution.

The update introduces 8 new security tools, major system improvements, and enhancements in mobile penetration testing capabilities.

Key updates include:
• Linux kernel upgraded t…Read more

On March 23, 2026, Shadowserver’s daily network scans revealed over 511,000 End-of-Life (EOL) Microsoft Internet Information Services (IIS) instances actively exposed on the internet.

The exposed servers:
• Include more than 227,000 servers beyond the Microsoft Extended Security Updates (ESU) period.
• Are geographically conce…Read more

On March 21, 2026, Microsoft released an emergency out-of-band (OOB) update for Windows 11 to fix a critical Microsoft account sign-in failure introduced by the March 2026 Patch Tuesday update.

The issue affected users who installed the cumulative update KB5079473, preventing them from signing into Microsoft services due to a false…Read more

Security researchers uncovered a phishing campaign distributing digitally signed malware disguised as legitimate workplace applications such as Microsoft Teams, Zoom, and Adobe Acrobat Reader.

The attackers used valid Extended Validation (EV) code-signing certificates to make the malicious executables appear legitimate, helping them…Read more

LexisNexis Legal & Professional confirmed that threat actors breached its servers and accessed customer and business information after attackers leaked approximately 2GB of stolen data on underground forums.

The breach reportedly involved unauthorized access to several internal servers containing legacy and deprecated data, primarily…Read more

CVE and patch management are important practices for identifying and fixing security vulnerabilities in systems and software. A Common Vulnerabilities and Exposures (CVE) is a publicly known security flaw that attackers may exploit. Patch management ensures that security updates are applied quickly to protect systems from these…Read more

On February 26, 2026, Microsoft Defender for Office 365 (MDO) URL click alerts will now include Microsoft Teams messages. This update allows security teams to detect and investigate malicious link clicks in Teams, extending visibility beyond email without affecting user workflows.

Feature Rollout Timeline:

• Public Preview (…Read more

On February 23, 2026, Microsoft has unveiled the Sentinel playbook generator, a new automation capability designed to revolutionize SOC automation by allowing teams to create fully functional Sentinel playbooks using natural language descriptions rather than hand-coded workflows. This marks the first milestone in Microsoft’s n…Read more

Red Team – Simulates real-world attackers. They perform adversary emulation, penetration testing, and advanced attack simulations to identify security gaps before actual thr…Read more

Common GCash Scams to Watch Out For
• Phishing links via SMS, email, or social media pretending to be GCash
• Fake promos or giveaways asking you to click a link or sen…Read more

On February 26, 2026, Cisco disclosed a critical zero‑day vulnerability in its Catalyst SD‑WAN products that has been actively exploited in the wild since at least 2023 by a sophisticated threat actor. The flaw allows unauthenticated attackers to bypass authentication controls and gain administrative access to SD‑WAN contr…Read more

I like that you focus on hands-on experience, not just certifications. Labs, log analysis, and real practice are what truly prepare someone for a SOC role. The suggestion to…Read more

Organizations using affected versions should patch immediately and…Read more