WhatsApp patches vulnerability exploited in zero-day attacks
WhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks. The company says this zero-click flaw (tracked as CVE-2025-55177) affects WhatsApp for iOS prior to version 2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78. “Incomplete authorization of linked device synchronization messages in WhatsApp [..] […]
Fake WhatsApp developer libraries hide destructive data-wiping code
Two malicious NPM packages posing as WhatsApp development tools have been discovered deploying destructive data-wiping code that recursively deletes files on a developer’s computers. Two malicious NPM packages currently available in the registry target WhatsApp developers with destructive data-wiping code. The packages, discovered by researchers at Socket, masquerade as WhatsApp socket libraries and were downloaded over 1,100 […]
WhatsApp adds new security feature to protect against scams
WhatsApp is introducing a new security feature that will help users spot potential scams when they are being added to a group chat by someone not in their contact list. This feature displays a “safety overview” context card that includes information about the group’s creation date, the number of members, potential scam attempts, and instructions […]
US House bans WhatsApp on staff devices over security concerns
The U.S. House of Representatives has banned the installation and use of WhatsApp on government-issued devices belonging to congressional staff, citing concerns over how the app encrypts and secures data. The ban covers mobile phones, laptops, desktop computers, and any web browsers used on those devices. Congressional staff are still free to use WhatsApp on […]
NSO Group fined $167M for spyware attacks on 1,400 WhatsApp users
A U.S. federal jury has ordered Israeli spyware vendor NSO Group to pay WhatsApp $167,254,000 in punitive damages and $444,719 in compensatory damages for a 2019 campaign that targeted 1,400 users of the communication app. The verdict is considered a landmark case for being the first time a spyware vendor is held accountable in court, […]
WhatsApp unveils ‘Private Processing’ for cloud-based AI features
WhatsApp has announced the introduction of ‘Private Processing,’ a new technology that enables users to utilize advanced AI features by offloading tasks to privacy-preserving cloud servers. This is required to utilize AI functionalities such as message summarization and writing suggestions on WhatsApp, which are too demanding for on-device hardware. The new feature will be entirely opt-in […]
WhatsApp’s new Advanced Chat Privacy protects sensitive messages
WhatsApp has introduced a new Advanced Chat Privacy feature to protect sensitive information exchanged in private chats and group conversations. The new privacy option can be enabled after tapping the chat name and is designed to prevent attempts to save media and export chat content. “Today we’re introducing our latest layer for privacy called ‘Advanced […]
WhatsApp flaw can let attackers run malicious code on Windows PCs
Meta warned Windows users to update the WhatsApp messaging app to the latest version to patch a vulnerability that can let attackers execute malicious code on their devices. Described as a spoofing issue and tracked as CVE-2025-30401, this security flaw can be exploited by attackers by sending maliciously crafted files with altered file types to potential […]
WhatsApp’s Meta AI is now rolling out in Europe, and it can’t be turned off
You can’t escape Meta AI in WhatsApp even if you are based in one of the 41 European countries, with the feature now rolling out to more devices. On March 19, WhatsApp owner Meta announced that a variety of AI upgrades would be coming to users in Europe after the company paused the rollout last year. Since […]
WhatsApp patched zero-click flaw exploited in Paragon spyware attacks
WhatsApp has patched a zero-click, zero-day vulnerability used to install Paragon’s Graphite spyware following reports from security researchers at the University of Toronto’s Citizen Lab. The company addressed the attack vector late last year “without the need for a client-side fix” and decided not to assign a CVE-ID after “reviewing the CVE guidelines published by […]