MASSIVE government data breach in the Philippines: The DILG is investigating an alleged leak of over 40 MILLION records from its Full Disclosure Policy Portal (FDPP). This incident highlights the critical national security risks posed by ongoing cyberattacks on state systems and the urgent need to secure Philippine data. Read the full report.

Cyberwarfare is a new reality, turning businesses into collateral damage. Leaders must shift their strategy to corporate resilience. Learn how to fortify your defenses, implement Zero Trust, secure your supply chain, and conduct tabletop exercises to survive the spillover effects of global tensions. Proactive preparation is non-negotiable.

Excerpt (Below 500 characters) Arup's $25M deepfake scam is a watershed moment, showing AI is now weaponized for corporate fraud. Criminals used deepfakes of the CFO and executives in a video call to bypass human trust, leading a finance worker to transfer $25 million. The incident highlights the urgent need for new non-tech defenses, like code words, to combat "technology-enhanced social engineering." The fallout is driving a critical debate over AI regulation.

State-sponsored hackers are exploiting critical Cisco ASA/FTD zero-days, using an advanced ROM-level technique to achieve persistence that survives reboots. CISA has mandated immediate action, urging global and Philippine networks (including banks, telcos, and government agencies) to conduct forensic sweeps and patch systems against this highly sophisticated threat.

The UK Cyber Security and Resilience Bill is set to overhaul digital defenses. It expands regulation to include MSPs and data centers, demanding stricter incident reporting and proactive risk management. Learn the essential steps your organization must take to prepare for this mandatory compliance framework.

On September 21, coordinated cyberattacks targeted numerous Philippine government websites amid anti-corruption rallies. Seven national and 13 local government sites were breached, but officials say no sensitive data was stolen and the sites were quickly restored.

A landmark data privacy lawsuit against Shopify is changing the rules for e-commerce. A recent court ruling suggests that online companies can be held accountable in any U.S. state where they collect user data, regardless of their physical location. This case serves as a powerful wake-up call, highlighting the crucial need for transparent data practices in the digital age.

The FBI has warned that hackers are using new tactics to target company Salesforce systems. The group UNC6040 uses a phone scam to trick employees into installing fake software. Another group, UNC6395, is targeting third-party apps to steal access keys. The warning advises businesses to educate employees, audit apps, and improve login security.

Evolving state privacy laws in the U.S. strengthen consumer rights to access, correct, and delete personal data. New regulations in Delaware and Nebraska are expanding their scope to include non-profits and small businesses. Some laws, like New Hampshire's, require compliance with a Global Privacy Control signal, giving consumers more automated control over their data.

The Securities and Exchange Board of India (SEBI) has a new Cybersecurity and Cyber Resilience Framework to ease compliance for smaller firms. It introduces graded compliance norms and holds senior management accountable for cyber governance. While praised, experts warn that smaller firms may face challenges with the transition, and success depends on effective, cost-effective implementation to build resilience across the entire market.