Category: WhatsApp
-
WhatsApp Chat Histories Stored Unencrypted on macOS and iOS
WhatsApp Chat Histories Stored Unencrypted on macOS and iOS Security researchers have revealed that WhatsApp chat histories may be stored unencrypted on both macOS and iOS devices, raising fresh concerns about local data protection and cross-application access within the Apple ecosystem. The issue, highlighted by iOS security researchers at Mysk, centers on how WhatsApp stores…
-
TCLBANKER Malware Targets Users Through Self-Propagating WhatsApp and Outlook Worm Modules
TCLBANKER Malware Targets Users Through Self-Propagating WhatsApp and Outlook Worm Modules A highly sophisticated Brazilian banking trojan named TCLBANKER, tracked under the campaign REF3076, this malware represents a major update to the older Maverick and SORVEPOTEL families. It stands out because it uses a fake, signed Logitech installer to infect systems and spreads automatically via…
-
Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats
Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats US Marines stationed around the Persian Gulf have been receiving WhatsApp messages from strangers suggesting they call home and make their final goodbyes. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
Meta Launches New Anti-Scam Tools on WhatsApp, Facebook and Messenger
Meta Launches New Anti-Scam Tools on WhatsApp, Facebook and Messenger Meta has launched a suite of advanced anti-scam tools across WhatsApp, Facebook, and Messenger to combat the growing industrialization of online fraud. These new defenses combine artificial intelligence, behavioral alerts, and global law enforcement partnerships to protect users proactively. To protect users from evolving social…
-
Threat Actors Allegedly Selling WhatsApp Crash Exploit on Hacking Forums
Threat Actors Allegedly Selling WhatsApp Crash Exploit on Hacking Forums A recent discovery on underground hacking forums has raised alarms about a new exploit targeting the popular messaging application, WhatsApp. Threat intelligence platforms have identified a threat actor allegedly offering a script designed to crash the application across multiple operating systems. This development highlights the…
-
WhatsApp New Strict Account Settings Option to Protect Your Account from Hackers
WhatsApp New Strict Account Settings Option to Protect Your Account from Hackers WhatsApp has introduced Strict Account Settings, a lockdown-style security feature designed to protect users from highly sophisticated cyber-attacks. The new privacy feature is specifically tailored for individuals who may be targets of advanced threats, including journalists, activists, and public figures who face elevated…
-
State-backed spyware attacks are targeting Signal and WhatsApp users, CISA warns
State-backed spyware attacks are targeting Signal and WhatsApp users, CISA warns CISA, the US Cybersecurity and Infrastructure Security Agency, has issued a new warning that cybercriminals and state-backed hacking groups are using spyware to compromise smartphones belonging to users of popular encrypted messaging apps such as Signal, WhatsApp, and Telegram. Read more in my article…
-
WhatsApp compromise leads to Astaroth deployment
WhatsApp compromise leads to Astaroth deployment Another campaign targeting WhatsApp users in Brazil spreads like a worm and employs multiple payloads for credential theft, session hijacking, and persistence Mindi McDowell Go to sophos
-
WhatsApp Worm Targets Brazilian Banking Customers
WhatsApp Worm Targets Brazilian Banking Customers Counter Threat Unit™ (CTU) researchers are investigating multiple incidents in an ongoing campaign targeting users of the WhatsApp messaging platform. The campaign, which started on September 29, 2025, is focused on Brazil and seeks to trick users into executing a malicious file attached to a self-spreading message received from…
-
Lawsuit About WhatsApp Security
Lawsuit About WhatsApp Security Attaullah Baig, WhatsApp’s former head of security, has filed a whistleblower lawsuit alleging that Facebook deliberately failed to fix a bunch of security flaws, in violation of its 2019 settlement agreement with the Federal Trade Commission. The lawsuit, alleging violations of the whistleblower protection provision of the Sarbanes-Oxley Act passed in…
-
Microsoft Patch Tuesday, September 2025 Edition
Microsoft Patch Tuesday, September 2025 Edition Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known “zero-day” or actively exploited vulnerabilities in this month’s bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft’s most-dire “critical” label. Meanwhile, both…
-
Court Rules Against NSO Group
Court Rules Against NSO Group The case is over: A jury has awarded WhatsApp $167 million in punitive damages in a case the company brought against Israel-based NSO Group for exploiting a software vulnerability that hijacked the phones of thousands of users. I’m sure it’ll be appealed. Everything always is. Bruce Schneier Go to bruce…
-
Got a Microsoft Teams invite? Storm-2372 gang exploit device codes in global phishing attacks
Got a Microsoft Teams invite? Storm-2372 gang exploit device codes in global phishing attacks Security experts have warned that a cybercriminal group has been running a malicious and inventive phishing campaign since August 2024 to break into organizations across Europe, North America, Africa, and the Middle East. Read more in my article on the Tripwire…
-
Journalists and Civil Society Members Using WhatsApp Targeted by Paragon Spyware
Journalists and Civil Society Members Using WhatsApp Targeted by Paragon Spyware This is yet another story of commercial spyware being used against journalists and civil society members. The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had “high confidence” that the…
-
Israeli Firm Paragon Attack WhatsApp With New Zero-Click Spyware
Israeli Firm Paragon Attack WhatsApp With New Zero-Click Spyware WhatsApp revealed on Friday that a “zero-click” spyware attack, attributed to the Israeli firm Paragon, has targeted scores of users worldwide, including journalists and members of civil society. The spyware targeted nearly 100 WhatsApp users, including journalists, and did not require any user interaction, nor did…
-
Spyware Maker NSO Group Found Liable for Hacking WhatsApp
Spyware Maker NSO Group Found Liable for Hacking WhatsApp A judge has found that NSO Group, maker of the Pegasus spyware, has violated the US Computer Fraud and Abuse Act by hacking WhatsApp in order to spy on people using it. Jon Penney and I wrote a legal paper on the case. Bruce Schneier Go…