APDPO

2025-03-01

The Asia-Pacific Data Privacy Organization (APDPO) was established five months, three days ago on March 1, 2025. This initiative seeks to bridge and bring together stakeholders in data privacy across the region, focusing on knowledge sharing and encouraging collaboration to strengthen privacy protections, cybersecurity, and the safe, responsible, and ethical use of AI across Asia-Pacific.

2025-03-08

Magie Antonio has been invited to serve as the Country Head for APDPO in the Philippines. Magie will spearhead local initiatives, build partnerships, and promote privacy awareness that translates into operational compliance with data privacy regulations, while advocating for the enhancement of the robust framework in the country and contributing to regional best practices across the Asia-Pacific.

2025-03-18

In cooperation with Bureau Veritas, APDPO conducted its first upskilling project, delivering comprehensive data privacy and cybersecurity training to professionals at Visayan Electric (VECO) in Cebu City, Philippines. This collaboration equips participants with essential skills to effectively tackle the country’s evolving data privacy challenges.

2025-04-01

Special thanks to Magie Antonio for sponsoring the infrastructure of APDPO.com. This platform will connect privacy professionals and organizations across the Asia-Pacific, promoting collaboration and facilitating the exchange of valuable knowledge to enhance regional initiatives in data privacy, cybersecurity, and artificial intelligence.

2025-04-08

Akira Sato has been invited to serve as the Country Head for APDPO in Japan. Akira will cultivate partnerships with local organizations, elevate awareness of privacy practices, ensure compliance with data privacy regulations, advocate for continuous improvements, and share insights to enhance regional standards across the Asia-Pacific.

2025-04-10

Alex Lee has been invited to serve as the Country Head for APDPO in Singapore. Alex will advance data protection initiatives, work closely with local stakeholders to promote privacy awareness and ensure compliance with the nation’s data privacy regulations, while contributing insights to bolster regional standards across the Asia-Pacific.

2025-07-16

Coinciding with AI Appreciation Day, APDPO and Community Health Education Emergency Rescue Services (CHEERS) formally launched a partnership to promote data privacy, cybersecurity, and the responsible use of AI in resilience, initiatives addressing Violence Against Women and Children (VAWC), and elderly care.

85%

of Asia-Pacific jurisdictions have enacted or drafted personal data protection laws.

46%

of APAC countries have dedicated national data protection authorities.

35%

of jurisdictions require mandatory breach notifications.

19%

have cross-border data transfer laws modeled after the GDPR.

31%

have issued official AI ethics or governance frameworks.

90%

of large enterprises in APAC are subject to multi-jurisdictional data compliance obligations.

East Asia

Japan
China
South Korea
Taiwan
Hong Kong
Mongolia

Southeast Asia

Philippines
Vietnam
Thailand
Malaysia
Singapore
Indonesia
Myanmar
Laos
Cambodia
Brunei

South Asia

India
Sri Lanka
Pakistan
Bangladesh
Nepal
Bhutan

Oceania

Australia
New Zealand
Papua New Guinea
Fiji

APDPO connects organizations across Asia-Pacific to strengthen skills and knowledge in data privacy, cybersecurity, and AI. Membership is open to organizations committed to these fields, with no strict entry requirements—just a shared interest in collaboration and growth. A low annual membership fee of SGD 1,200 per organization encourages broad participation and unlocks member discounts and special opportunities. Membership starts with registration and participation. Over time, active members may be invited to lead initiatives, host activities, and represent their sector or country.

Training Access

Priority early registration for regional and role-specific training ahead of public release.

Certification Discounts

Reduced rates on APDPO certifications compared to standard rates for non-members.

Skills Development

Practical guidance from foundational policies through international alignment.

Co-Branding

Joint events and certifications, plus logos on the APDPO website and member microsites.

APDPO tracks critical Common Vulnerabilities and Exposures (CVEs), including those related to AI, that could compromise organizational systems or expose sensitive data. Consolidated CVE information from publicly available sources is freely available via RSS and JSON feeds at APDPO.com for all interested organizations.

CVE-2025-46093

2025-08-05

LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration.

CVE-2023-6816

2025-08-05

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.

CVE-2025-2523

2025-08-04

The Honeywell Experion PKS and OneWireless WDM contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which could result in a failure during subtraction allowing remote code execution. Honeywell recommends updating to the most recent version of Honeywell Experion PKS:520.2 TCU9 HF1 and 530.1 TCU3 HF1 and OneWireless: 322.5 and 331.1. The affected Experion PKS products are C300 PCNT02, C300 PCNT05, FIM4, FIM8, UOC, CN100, HCA, C300PM, and C200E. The Experion PKS versions affected are from 520.1 through 520.2 TCU9 and from 530 through 530 TCU3. The OneWireless WDM affected versions are 322.1 through 322.4 and 330.1 through 330.3.

CVE-2025-52239

2025-08-04

An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file.

CVE-2018-18748

2025-08-05

Sandboxie 5.26 allows a Sandbox Escape via an "import os" statement, followed by os.system("cmd") or os.system("powershell"), within a .py file. NOTE: the vendor disputes this issue because the observed behavior is consistent with the product's intended functionality.

CVE-2017-12337

2025-07-31

A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. An attacker who can access an affected device over SFTP while it is in a vulnerable state could gain root access to the device. This access could allow the attacker to compromise the affected system completely. Cisco Bug IDs: CSCvg22923, CSCvg55112, CSCvg55128, CSCvg55145, CSCvg58619, CSCvg64453, CSCvg64456, CSCvg64464, CSCvg64475, CSCvg68797.

CVE-2018-1273

2025-07-30

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.

CVE-2017-15944

2025-07-30

Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.