Tag: whatsapp
49 articles

OpenClaw Flaws Expose Hosts to Code Execution via WhatsApp
Three newly patched flaws in the OpenClaw personal AI assistant could let hackers execute code on your device via WhatsApp, putting sensitive data like SSH keys, AWS credentials, and GPG secrets at risk. This alarming vulnerability was addressed in OpenClaw version 2026.6.6.

India Warns WhatsApp Over Username Rollout Citing Security Risks
India's Ministry of Electronics and Information Technology has warned WhatsApp to halt its global rollout of a new usernames feature, citing security risks, and given the Meta-owned platform just three days to respond. The move has sparked concerns over regulatory action and the protection of user data.

WhatsApp Introduces Usernames to Enhance User Privacy
WhatsApp is rolling out a new feature that lets you reserve a unique username, giving you more control over your privacy and allowing you to keep your phone number hidden. This move is all about putting you in the driver's seat, letting you choose how you connect with others on the platform.

US Offers Bounty for Hackers Targeting WhatsApp, Signal Users
The US government is cracking down on hackers targeting WhatsApp and Signal users, offering up to $10 million for information that helps track down those behind the attacks. The move aims to take down Russian-linked hacker groups that have been phishing US officials, military leaders, and allied personnel.

FBI Warns of Russian Hackers Targeting Signal with Recovery Key Phishing
Beware of scammers posing as Signal support - the FBI and CISA warn that Russian hackers are using recovery key phishing to target users, so treat any in-app message from Signal support with extreme caution. Stay safe by being vigilant about unexpected messages.

WhatsApp Targeted in VBScript Campaign Installing ManageEngine RMM Tool
Malicious actors are using WhatsApp to trick victims into downloading and executing a Visual Basic Script (VBScript) file, disguised as a business or financial document, which ultimately installs a legitimate Remote Monitoring and Management (RMM) tool. The campaign has been detected in multiple countries worldwide, with Malaysia being the hardest hit.

WhatsApp VBScript Campaign Targets Global Users with RMM Software
Malicious actors are targeting WhatsApp users worldwide with a sneaky VBScript campaign, compromising accounts to spread harmful files through direct messages. In a shocking concentration of attacks, 80% of victims were in Malaysia, highlighting the need for users to stay vigilant.

NSO Group Defies Court Order, Continues Targeting WhatsApp Users
Despite a court order blocking it from doing so, NSO Group continues to target WhatsApp users, defying the ruling and putting users at risk. The company is fighting to overturn the order, claiming it will suffer harm if it's forced to comply.

WhatsApp Disrupts NSO Group's Spearphishing Campaign
WhatsApp has successfully shut down a sneaky phishing campaign by notorious spyware firm NSO Group, which tried to trick users into clicking malicious links to spy on them. The messaging giant is now asking a US court to hold NSO Group accountable for violating a ban on targeting users.

Meta Alleges NSO Group Breaches Spyware Injunction
Meta just took a bold stand against NSO Group, the notorious spyware maker, by ramping up legal action after thwarting a sneaky phishing campaign aimed at WhatsApp users. The tech giant successfully blocked NSO-linked attempts to trick people into clicking malicious links, despite a US court injunction already in place.

WhatsApp Disrupts NSO Group's Spyware Phishing Campaigns
Meta's WhatsApp team swiftly sprang into action, disrupting a sophisticated spyware phishing campaign linked to the NSO Group after investigating user reports of targeted social-engineering attacks. They successfully stopped the attackers' attempts to trick people into clicking malicious links that could have put their data at risk.

Meta Accuses NSO Group of Breaching WhatsApp Injunction
Meta is taking a stand against NSO Group, accusing the Israeli spyware vendor of breaching a WhatsApp injunction by targeting users with social engineering attempts. The company claims it successfully thwarted these malicious efforts, but is now asking a federal judge to hold NSO Group in contempt.

TCLBanker Malware Spreads Rapidly via WhatsApp, Outlook
Beware of a rapidly spreading malware, TCLBanker, that's infecting 59 major banking, fintech, and cryptocurrency platforms through sneaky WhatsApp and Outlook attacks. This sneaky trojan uses a fake Logitech AI Prompt Builder installer to wreak havoc on your digital security.

UK Warns of Targeted Attacks on WhatsApp and Signal Accounts
The UK's cybersecurity agency has issued a warning about hackers targeting WhatsApp and Signal accounts, specifically using social engineering tactics to gain access to private conversations. To stay safe, "high-risk" individuals can take steps to protect themselves from these types of cyber-attacks.

WhatsApp Exposes Italian Users to Spyware via Fake iOS App
WhatsApp has alerted around 200 users, mostly in Italy, about a sneaky spyware attack that hit them after they downloaded a fake version of the app for iOS. This alarming incident raises a crucial question: how can you trust that the app on your phone is genuine?

Microsoft Flags WhatsApp-Delivered VBS Malware Bypassing Windows UAC
Beware of WhatsApp attachments from familiar numbers - they might be malicious VBS files designed to quietly hijack your Windows system. A sneaky new campaign uses decades-old scripting language to bypass Windows UAC and give attackers remote access.

WhatsApp Abused in Critical Multi-Stage Attack Warns Microsoft
Beware: a simple WhatsApp message can be the gateway for hackers to take control of your entire corporate network, as Microsoft warns of a new multi-stage social-engineering campaign exploiting the popular messaging app's security vulnerabilities. Stay vigilant - your harmless "ping" could be the weakest link in your security chain!

CISA: Exclusive Critical Spyware Threat to Signal, WhatsApp
CISA warns that commercial spyware and remote‑access trojans are being used to compromise Signal and WhatsApp—often via social engineering and sideloaded apps—turning everyday messaging into a gateway for stolen messages, media and device data.

WhatsApp Malware Exclusive: Brazil Banks’ Worst Threat
Imagine the app you use to call your mother being used to rob her bank — thats Brazils new reality as researchers link a WhatsApp-spread program called Maverick to the Coyote banking malware family. Built in .NET to decrypt, monitor and inject into banking sessions, this WhatsApp-delivered threat marks a worrying leap in scale and sophistication against Brazilian users and banks.

WhatsApp Web automation: Risky Must-Have Threat
What looked like handy WhatsApp Web productivity add-ons were actually 131 cloned Chrome extensions hijacked to blast spam across Brazil, reaching about 20,900 users before takedown. Socket’s investigation is a wake-up call—check extension reputations, limit permissions, and treat browser add-ons with the same caution you’d give any app that touches your messages.

Chat Control: Stunning German Win vs Risky EU Plan
Germany has put the brakes on the EU’s controversial “Chat Control” device‑scanning plan, turning a behind‑closed‑doors tech debate into a public showdown over encryption, privacy and how far governments should go to fight child abuse. Its opposition could stall client‑side scanning and forces Brussels to choose whether to prioritize citizens’ privacy or new surveillance powers.

Oracle zero-day: Must-Have Urgent Fix for Best Defense
This week’s cyber roundup proves attackers still love the path of least resistance: a critical Oracle zero-day, BitLocker deployment gaps that erode encryption guarantees, and a fast‑spreading WhatsApp “worm” that rode on trust. The takeaway? Patch, audit key management, and treat people and processes as the front lines of defense.

Android zero-day Critical Emergency: Must-Have Fix
Samsung just pushed an emergency patch for a critical Android zero‑day that’s been actively exploited — install it now to stop attackers from reading messages, using your mic, or tracking your device. Even after updating, enable automatic updates and avoid installing apps from untrusted sources to stay safer.

WhatsApp zero-day: Critical Risk, Must-Have Fixes
This week’s wake‑up call — a WhatsApp zero‑day, a Docker escape bug, and reported Salesforce access — shows how small misconfigurations and stolen credentials chain together into big breaches. Patch promptly, enable MFA, and tighten container and identity hygiene before attackers stitch those gaps into a compromise.