APDPO
Asia-Pacific Data Privacy Organization
apdpo.com
2025-03-01
The Asia-Pacific Data Privacy Organization (APDPO) was established one year, three months, twelve days ago on March 1, 2025. This initiative seeks to bridge and bring together stakeholders in data privacy across the region, focusing on knowledge sharing and encouraging collaboration to strengthen privacy protections, cybersecurity, and the safe, responsible, and ethical use of AI across Asia-Pacific.
2025-03-08
Magie Antonio has been invited to serve as the Country Head for APDPO in the Philippines. Magie will spearhead local initiatives, build partnerships, and promote privacy awareness that translates into operational compliance with data privacy regulations, while advocating for the enhancement of the robust framework in the country and contributing to regional best practices across the Asia-Pacific.
2025-03-18
In cooperation with Bureau Veritas, APDPO conducted its first upskilling project, delivering data privacy and cybersecurity training to professionals at Visayan Electric (VECO) in Cebu City, Philippines. Arranged by Magie Antonio of APDPO and Atty. Ernie Villarin of VECO, the initiative equipped participants with skills to address the country’s evolving data privacy challenges.
2025-04-01
Special thanks to Magie Antonio for sponsoring the infrastructure of APDPO.com. This platform will connect privacy professionals and organizations across the Asia-Pacific, enabling the exchange of valuable knowledge and best practices. It will support regional initiatives in data privacy, cybersecurity, and artificial intelligence, strengthening the APDPO community and its impact across the region.
2025-04-08
Akira Sato has been invited to serve as the Country Head for APDPO in Japan. Akira will cultivate partnerships with local organizations, elevate awareness of privacy practices, ensure compliance with data privacy regulations, advocate for continuous improvements, and share insights to enhance regional standards across the Asia-Pacific.
2025-04-10
Alex Lee has been invited to serve as the Country Head for APDPO in Singapore. Alex will advance data protection initiatives, work closely with local stakeholders to promote privacy awareness and ensure compliance with the nation’s data privacy regulations, while contributing insights to bolster regional standards across the Asia-Pacific.
2025-07-16
Coinciding with AI Appreciation Day, APDPO and Community Health Education Emergency Rescue Services (CHEERS) formally launched a partnership to promote data privacy, cybersecurity, and the responsible use of AI in resilience, initiatives addressing Violence Against Women and Children (VAWC), and elderly care. The agreement was signed by APDPO Country Head for the Philippines Magie Antonio and CHEERS founder Dr. Sandy Montano.
2025-08-07
Magie Antonio, APDPO Country Head for the Philippines, represented APDPO in the INTERPOL Project SynthWave Member Country Visit at the Philippine Center on Transnational Crime, where INTERPOL’s Toshinobu Yasuhira, Abdullah Fuad Aljalahma, Libni Garg, and local stakeholders discussed risks of AI-driven synthetic media. Hosted by Generals Benjamin Batara, Noel Baraceros, and Cesar Binag, the event reflected APDPO’s commitment to regional collaboration in data protection.
2025-10-07
APDPO and the Philippine College of Criminology (PCCR) have formalized a strategic partnership to strengthen data privacy, cybersecurity, and ethical AI principles in criminal justice education. The agreement was signed by APDPO Country Head for the Philippines Magie Antonio and PCCR President Lei Bautista. This collaboration will advance curriculum development, faculty training, research projects, and micro-credential programs at the intersection of law enforcement and data protection.
2025-10-24
Magie Antonio, Country Head for APDPO in the Philippines, received the Woman of Excellence in Digitalization and Humanitarian Service award at the 80th United Nations Anniversary Celebration. The ceremony honored distinguished leaders including ambassadors from Indonesia, the United Arab Emirates, and Qatar, along with senior Philippine government officials. This recognition signals the importance of integrating data privacy, cybersecurity, and ethical AI in humanitarian service.
2025-10-31
APDPO concludes Cybersecurity Awareness Month with its first "Leading with Privacy" profile, featuring Police Major General Jericho Baldeo, Data Protection Officer of the Philippine National Police. He shared insights on integrating data privacy with effective law enforcement to earn public trust and uphold human rights with Magie Antonio, APDPO Country Head for the Philippines, during her courtesy call to the Directorate for Information and Communications Technology Management.
2026-01-01
APDPO encourages organizations to join in celebrating the internationally observed Data Privacy Day on January 28 through awareness activities that promote personal data protection. With APDPO providing subject matter experts and organizations handling accommodation and transportation, participation reflects commitment to data privacy, legal compliance, and stakeholder trust. Interested organizations may contact info@apdpo.com for available slots.
APDPO
Asia-Pacific Data Privacy Organization
85%
of Asia-Pacific jurisdictions have enacted or drafted personal data protection laws.
46%
of APAC countries have dedicated national data protection authorities.
35%
of jurisdictions require mandatory breach notifications.
19%
have cross-border data transfer laws modeled after the GDPR.
31%
have issued official AI ethics or governance frameworks.
90%
of large enterprises in APAC are subject to multi-jurisdictional data compliance obligations.
East Asia
Japan
China
South Korea
Taiwan
Hong Kong
Mongolia
Southeast Asia
Philippines
Vietnam
Thailand
Malaysia
Singapore
Indonesia
Myanmar
Laos
Cambodia
Brunei
South Asia
India
Sri Lanka
Pakistan
Bangladesh
Nepal
Bhutan
Oceania
Australia
New Zealand
Papua New Guinea
Fiji
APDPO connects organizations across Asia-Pacific to strengthen skills and knowledge in data privacy, cybersecurity, and AI. Membership is open to organizations committed to these fields, with no strict entry requirements—just a shared interest in collaboration and growth. A low annual membership fee of SGD 1,200 per organization encourages broad participation and unlocks member discounts and special opportunities. Membership starts with registration and participation. Over time, active members may be invited to lead initiatives, host activities, and represent their sector or country.
Training Access
Priority early registration for regional and role-specific training ahead of public release.
Certification Discounts
Reduced rates on APDPO certifications compared to standard rates for non-members.
Skills Development
Practical guidance from foundational policies through international alignment.
Co-Branding
Joint events and certifications, plus logos on the APDPO website and member microsites.
APDPO tracks critical Common Vulnerabilities and Exposures (CVE), including those related to AI, that could compromise organizational systems or expose sensitive data. Consolidated CVE information from publicly available sources is freely available via RSS and JSON feeds at APDPO.com for all interested organizations.
CVE-2026-11624
2026-06-13
The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebinding attacks. Prior to the v0.25.0 release, users had no way to validate the origin's host. In v0.25.0, a new "--allowed-hosts" flag was introduced alongside the existing "--allowed-origins" flag, enabling users to specify permitted hosts at server startup. Both flags default to "*", allowing users to implement strict access controls as needed without breaking existing setups. If either flag is set to "*", the server will output a startup warning about potential vulnerabilities. Documentation has also been updated to highlight these security considerations.
GHSA-M93H-GJV2-FMQ2
2026-06-13
SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. No user interaction is required.
CVE-2026-41005
2026-06-13
Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signatures from the Identity Provider (authenticity) in two SAML flows: the OAuth 2.0 SAML2 bearer grant (token endpoint) and browser SSO (ACS) when wantAssertionSigned is set to false. Assertions or responses that were unsigned but contained encrypted content could still be accepted. Encryption uses the SP's public key from published metadata, therefore, any party, not only a trusted IdP, can produce ciphertext UAA can decrypt; successful decryption therefore does not prove the IdP issued the message. Affected versions: Cloud Foundry UAA (uaa_release) 2.0.0 through 78.13.0. Cloud Foundry CF Deployment all versions through 56.1.0.
CVE-2026-53519
2026-06-13
Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the dashboard's NoRoute handler treats any URL whose raw string starts with /dashboard as an admin-frontend asset request. The check uses strings.HasPrefix, not a path-segment match, so the input /dashboard../data/config.yaml is accepted; strings.TrimPrefix leaves ../data/config.yaml; and path.Join("admin-dist", "../data/config.yaml") normalizes to data/config.yaml — which os.Stat finds and http.ServeFile returns. No authentication required. This issue has been patched in version 2.0.13.
CVE-2023-34576
2026-06-12
SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspedified vector.
CVE-2023-34575
2026-06-12
SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() methods.
CVE-2023-36263
2026-06-12
Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.
CVE-2018-16988
2026-06-08
An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a password-reset process (pass_reset.php, password_reset.php, XDUser.php) in the past few minutes.
apdpo.com does not use cookies