LendUs Family is now CrossCountry Mortgage, LLC. NMLS3029
With 26 years of operations in the Philippines, we have the largest agency force of more than 39,000 licensed financial advisers ready to listen, understand and deliver. We are an innovative force in the life insurance industry who pioneered investment-linked or unit-linked insurance in the Philippines in 2002. Our commitment is to provide accessible and affordable health and wealth protection solutions to Filipinos. We continue to be one of the leading insurers in the country, ranking first in terms of Total Renewal Premium Income from Variable Life Insurance Products and in terms of New Business Annual Premium Equivalent as of Q1 2023, according to the Insurance Commission. For two consecutive years, we have been awarded as the International Life Insurer of the Year for the Philippines. Pru Life UK and Prudential plc are not affiliated with Prudential Financial, Inc., (a company whose principal place of business is in the United States of America), Prudential Assurance Company Limited (a subsidiary of M&G plc, a company incorporated in the United Kingdom), Philippine Prudential Life Insurance Company, Prudentialife Plans, Inc. or Prudential Guarantee and Assurance, Inc. (all Philippine-registered companies). Pru Life UK is a life insurance company and is not engaged in the business of selling pre-need plans. Pru Life UK is headquartered in 9/F Uptown Place Tower 1,1 East 11th Drive, Uptown Bonifacio, Taguig City 1634, Metro Manila, Philippines. Visit www.prulifeuk.com.ph/en/contact-us/ for the PRU Customer Assistance Team’s contact information & complete list of our branches. The PRU Customer Assistance team processes customer concerns based on applicable timelines provided by the law. Pru Life UK is legally permitted to provide financial products or services in the Philippines as regulated by the Insurance Commission. Visit www.insurance.gov.ph/contact-us/ for the Insurance Commission’s complete contact information and list of offices nationwide.
Security & Compliance Standards Overview
No incidents recorded for LendUS in 2025.
No incidents recorded for Pru Life UK in 2025.
LendUS cyber incidents detection timeline including parent company and subsidiaries
Pru Life UK cyber incidents detection timeline including parent company and subsidiaries
Last 3 Security & Risk Events by Company
Sigstore Timestamp Authority is a service for issuing RFC 3161 timestamps. Prior to 2.0.3, Function api.ParseJSONRequest currently splits (via a call to strings.Split) an optionally-provided OID (which is untrusted data) on periods. Similarly, function api.getContentType splits the Content-Type header (which is also untrusted data) on an application string. As a result, in the face of a malicious request with either an excessively long OID in the payload containing many period characters or a malformed Content-Type header, a call to api.ParseJSONRequest or api.getContentType incurs allocations of O(n) bytes (where n stands for the length of the function's argument). This vulnerability is fixed in 2.0.3.
Monkeytype is a minimalistic and customizable typing test. In 25.49.0 and earlier, there is improper handling of user input which allows an attacker to execute malicious javascript on anyone viewing a malicious quote submission. quote.text and quote.source are user input, and they're inserted straight into the DOM. If they contain HTML tags, they will be rendered (after some escaping using quotes and textarea tags).
SysReptor is a fully customizable pentest reporting platform. Prior to 2025.102, there is a Stored Cross-Site Scripting (XSS) vulnerability allows authenticated users to execute malicious JavaScript in the context of other logged-in users by uploading malicious JavaScript files in the web UI. This vulnerability is fixed in 2025.102.
Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox._verifyBatches (packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678) advanced the local tid to whatever transition matched the current blockHash before knowing whether that batch would actually be verified. When the loop later broke (e.g., cooldown window not yet passed or transition invalidated), the function still wrote that newer tid into batches[lastVerifiedBatchId].verifiedTransitionId after decrementing batchId. Result: the last verified batch could end up pointing at a transition index from the next batch (often zeroed), corrupting the verified chain pointer.
A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead to improper control of dynamically-identified variables. The attack can be executed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
