DPWH website defaced amid protests over alleged fund corruption

DPWH website defaced amid anti-corruption protests

By: - Reporter / @luisacabatoINQ
/ 09:19 AM September 22, 2025

DPWH website defaced amid protests over alleged fund corruption

The Department of Public Works and Highways  website was defaced on Sunday, Sept. 21, 2025, amid protests over alleged corruption involving the agency’s funds.

MANILA, Philippines — The Department of Public Works and Highways (DPWH) website was defaced during a nationwide protest against alleged corruption involving the agency’s funds, a cybersecurity group said.

In a social media post on Sunday, Deep Web Konek said the agency’s website was defaced by a group calling itself the “Darkframe Cyber Alliance.”

Article continues after this advertisement

READ: Tens of thousands join anti-corruption protests in Metro Manila

FEATURED STORIES

The group posted a message on the compromised site condemning corruption within the agency: “This is a wake-up call to the Department of Public Works and Highways: corruption in public works steals from every community.”

“Fix the systems that enable corruption, prioritize people over profits, and rebuild credibility from the ground up,” it added.

Deep Web Konek said the attack exploited XSS (Cross-Site Scripting) vulnerability rather than a full site takeover, allowing the injection of malicious client-side scripts into the website.

Article continues after this advertisement

The cybersecurity group noted that the incident revealed a “serious security flaw” that could be exploited and might enable more dangerous attacks if not properly fixed.

The DPWH website was no longer defaced as of this posting time.

Article continues after this advertisement

Separately, Deep Web Konek also reported an alleged data breach in the eGov PH platform of the Department of Information and Communications Technology (DICT), which purportedly exposed more than 30,000 complainant records.

“The leaked data includes complaint messages, case details, and status updates. Personal identifiers were also visible in the samples shared by the threat actor, although the authenticity and full scope of the breach remain unverified,” it said.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

“The actor, using the name “Dedsec_Manila,” claimed responsibility for the incident, saying the alleged breach was carried out through the eGov API,” it added.

Inquirer has sought comment from the DPWH and DICT, but received no response by posting time./mcm/abc

TAGS: DPWH

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2026 INQUIRER.net | All Rights Reserved