APDPO

2025-03-01

The Asia-Pacific Data Privacy Organization (APDPO) was established six months, twenty days ago on March 1, 2025. This initiative seeks to bridge and bring together stakeholders in data privacy across the region, focusing on knowledge sharing and encouraging collaboration to strengthen privacy protections, cybersecurity, and the safe, responsible, and ethical use of AI across Asia-Pacific.

2025-03-08

Magie Antonio has been invited to serve as the Country Head for APDPO in the Philippines. Magie will spearhead local initiatives, build partnerships, and promote privacy awareness that translates into operational compliance with data privacy regulations, while advocating for the enhancement of the robust framework in the country and contributing to regional best practices across the Asia-Pacific.

2025-03-18

In cooperation with Bureau Veritas, APDPO conducted its first upskilling project, delivering comprehensive data privacy and cybersecurity training to professionals at Visayan Electric (VECO) in Cebu City, Philippines. This collaboration equips participants with essential skills to effectively tackle the country’s evolving data privacy challenges.

2025-04-01

Special thanks to Magie Antonio for sponsoring the infrastructure of APDPO.com. This platform will connect privacy professionals and organizations across the Asia-Pacific, promoting collaboration and facilitating the exchange of valuable knowledge to enhance regional initiatives in data privacy, cybersecurity, and artificial intelligence.

2025-04-08

Akira Sato has been invited to serve as the Country Head for APDPO in Japan. Akira will cultivate partnerships with local organizations, elevate awareness of privacy practices, ensure compliance with data privacy regulations, advocate for continuous improvements, and share insights to enhance regional standards across the Asia-Pacific.

2025-04-10

Alex Lee has been invited to serve as the Country Head for APDPO in Singapore. Alex will advance data protection initiatives, work closely with local stakeholders to promote privacy awareness and ensure compliance with the nation’s data privacy regulations, while contributing insights to bolster regional standards across the Asia-Pacific.

2025-07-16

Coinciding with AI Appreciation Day, APDPO and Community Health Education Emergency Rescue Services (CHEERS) formally launched a partnership to promote data privacy, cybersecurity, and the responsible use of AI in resilience, initiatives addressing Violence Against Women and Children (VAWC), and elderly care.

2025-08-07

Magie Antonio, APDPO Country Head for the Philippines, represented the organization at the INTERPOL Project SynthWave Member Country Visit at the Philippine Center on Transnational Crime, examining risks of AI-driven synthetic media. APDPO’s participation reflects its commitment to regional collaboration on data protection.

85%

of Asia-Pacific jurisdictions have enacted or drafted personal data protection laws.

46%

of APAC countries have dedicated national data protection authorities.

35%

of jurisdictions require mandatory breach notifications.

19%

have cross-border data transfer laws modeled after the GDPR.

31%

have issued official AI ethics or governance frameworks.

90%

of large enterprises in APAC are subject to multi-jurisdictional data compliance obligations.

East Asia

Japan
China
South Korea
Taiwan
Hong Kong
Mongolia

Southeast Asia

Philippines
Vietnam
Thailand
Malaysia
Singapore
Indonesia
Myanmar
Laos
Cambodia
Brunei

South Asia

India
Sri Lanka
Pakistan
Bangladesh
Nepal
Bhutan

Oceania

Australia
New Zealand
Papua New Guinea
Fiji

APDPO connects organizations across Asia-Pacific to strengthen skills and knowledge in data privacy, cybersecurity, and AI. Membership is open to organizations committed to these fields, with no strict entry requirements—just a shared interest in collaboration and growth. A low annual membership fee of SGD 1,200 per organization encourages broad participation and unlocks member discounts and special opportunities. Membership starts with registration and participation. Over time, active members may be invited to lead initiatives, host activities, and represent their sector or country.

Training Access

Priority early registration for regional and role-specific training ahead of public release.

Certification Discounts

Reduced rates on APDPO certifications compared to standard rates for non-members.

Skills Development

Practical guidance from foundational policies through international alignment.

Co-Branding

Joint events and certifications, plus logos on the APDPO website and member microsites.

APDPO tracks critical Common Vulnerabilities and Exposures (CVEs), including those related to AI, that could compromise organizational systems or expose sensitive data. Consolidated CVE information from publicly available sources is freely available via RSS and JSON feeds at APDPO.com for all interested organizations.

CVE-2025-6544

2025-09-21

A deserialization vulnerability exists in h2oai/h2o-3 versions.

CVE-2025-34205

2025-09-20

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (VA and SaaS deployments) contains dangerous PHP dead code present in multiple Docker-hosted PHP instances. A script named /var/www/app/resetroot.php (found in several containers) lacks authentication checks and, when executed, performs a SQL update that sets the database administrator username to 'root' and its password hash to the SHA-512 hash of the string 'password'. Separately, commented-out code in /var/www/app/lib/common/oses.php would unserialize session data (unserialize($_SESSION['osdata']))—a pattern that can enable remote code execution if re-enabled or reached with attacker-controlled serialized data. An attacker able to reach the resetroot.php endpoint can trivially reset the MySQL root password and obtain full database control; combined with deserialization issues this can lead to full remote code execution and system compromise.

CVE-2025-10035

2025-09-20

A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection.

CVE-2024-9643

2025-09-20

The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to CVE-2023-32645.

CVE-2022-27304

2025-09-19

Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user parameter.

CVE-2022-28024

2025-09-19

Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=grade.

CVE-2022-28025

2025-09-19

Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=school_year.

CVE-2020-16010

2025-09-16

Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.