athome_it (@athome_it@social.tchncs.de)
Google-KI liest offenbar bei #WhatsApp mit
Viele Android-Nutzer teilen täglich persönliche Informationen, ohne zu wissen, dass diese womöglich mitgelesen werden. #Datenschutz #Google #KI #Android
https://www.techbook.de/mobile-lifestyle/smartphone/gemini-liest-bildschirm
Show Original Post
r (@r@fed.brid.gy)
#UnPlugTrump heißt eben, sich von amerikanischen Diensten frei zu machen. #Threema statt #Signal & #Whatsapp ist ein guter Start. Über 12 Mio. schlaue Bundesbürger haben schon die ThreemaApp. Und damit es noch mehr werden, verschenke ich wieder Threema Lizenzen (für Android) am 1.+2. November!
Show Original Post
r (@r@bsky.brid.gy)
#UnPlugTrump heißt eben, sich von amerikanischen Diensten frei zu machen. #Threema statt #Signal & #Whatsapp ist ein guter Start. Über 12 Mio. schlaue Bundesbürger haben schon die ThreemaApp. Und damit es noch mehr werden, verschenke ich wieder Threema Lizenzen (für Android) am 1.+2. November!
Show Original Post
blazetrends (@blazetrends@mastodon.social)
WhatsApp Adds Urgent Screen Share Warning to Combat Scams
#Meta #scam #ScreenSharing #security #whatsapp
https://blazetrends.com/whatsapp-adds-urgent-screen-share-warning-to-combat-scams/?fsp_sid=154380
Show Original Post
DreamAcademy (@DreamAcademy@troet.cafe)
@kitkat @nabor @scops @liarsworld
Sealed Sender lässt sich auch abschalten bei #Signal
Der "sealed" Absender kann wieder sichtbar werden, wenn der Server ein 401 meldet!
https://github.com/signalapp/Signal-Android/issues/13842
Ein Rückfall in unsere Modis sind ein ganz schlechtes Zeichen für Messenger, die eigentlich sicher sein sollen.
Bei #Whatsapp heißt es, dass auch dort immer noch ein Rückfall zu unverschlüsselten Nachrichten möglich ist.
Alles das gibts bei #Threema übrigens nicht!
Show Original Post
MarieClaudeS (@MarieClaudeS@mastodon.top)
arts technica (Traduction DeepL translator)
L’ONS ne peut plus cibler les utilisateurs de WhatsApp avec le logiciel espion Pegasus
Un juge fédéral a ordonné au fabricant de logiciels espions NSO de cesser d’utiliser son application Pegasus pour cibler ou infecter les utilisateurs de WhatsApp
https://mcinformactions.net/l-ons-ne-peut-plus-cibler-les-utilisateurs-de-whatsapp-avec-le-logiciel-espion
#Pegasus #WhatsApp #Meta #ONS
Show Original Post
simsus (@simsus@social.tchncs.de)
#WhatsApp kämpft gegen Spam: Nachrichtenlimit bei ausbleibender Reaktion | Security https://www.heise.de/news/WhatsApp-kaempft-gegen-Spam-Nachrichtenlimit-bei-ausbleibender-Reaktion-10792924.html #Broadcast #Messenger
Show Original Post
thenewoil (@thenewoil@mastodon.thenewoil.org)
#NSO permanently barred from targeting #WhatsApp users with #Pegasus #spyware
Show Original Post
westsibe (@westsibe@mastodon.social)
@shamd #Signal работает, т.к. имеет опции против блокировок: "Обход цензуры" и #SignalProxy . Есть альтернативный FOSS-клиент "Сигнала" - Molly FOSS (там Socks5-прокси и "Обход цензуры"). Ман: https://tiny.cc/signal-faq (txt, 12kB). Есть группы с живыми юзерами без всяких ботов (тел.номера можно не палить). А вот #WhatsApp - кирдык. WA-прокси там на звонки не действует, в Сети их фактически нет и поднимать бессмысленно (у многих они полегли, что работали).
Show Original Post
soc_goulash (@soc_goulash@infosec.exchange)
Alright team, it's been a pretty packed 24 hours in the cyber world! We've got updates on some seriously costly breaches, a couple of actively exploited vulnerabilities, new malware capabilities, and a look at the evolving threat landscape. Let's dive in:
Major Cyber Attacks and Breaches 💸
- The Jaguar Land Rover (JLR) cyberattack, which began in late August 2025, is now estimated to be the UK's costliest cyber incident, with an economic impact of up to £1.9 billion ($2.5 billion) affecting over 5,000 organisations.
- Chinese threat actors are actively exploiting the ToolShell (CVE-2025-53770) zero-day in Microsoft SharePoint, targeting government agencies, universities, and telecoms across four continents, deploying webshells, backdoors like Zingdoor and ShadowPad, and even Warlock ransomware.
- A spearphishing campaign, dubbed "PhantomCaptcha," impersonated the Ukrainian President's Office to target war relief organisations (Red Cross, UNICEF) and regional governments, using a sophisticated "ClickFix" technique to trick victims into executing PowerShell scripts for RAT deployment.
- SpaceX has taken action against cybercrime, disabling over 2,500 Starlink devices identified in Myanmar scam compounds following calls from politicians and human trafficking advocates.
- Oregon-based fence manufacturer Jewett-Cameron Trading disclosed a ransomware attack that exfiltrated video meeting images and non-public financial documents, with attackers threatening public release if a ransom isn't paid.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/10/22/jaguar_lander_rover_cost/
🗞️ The Record | https://therecord.media/jaguar-land-rover-cyberattack-economic-impact
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/sharepoint-toolshell-attacks-targeted-orgs-across-four-continents/
🗞️ The Record | https://therecord.media/sharepoint-toolshell-bug-breaches-governments-africa-south-america
🗞️ The Record | https://therecord.media/phantomcaptcha-spearphishing-campaign-ukraine-war-relief-groups
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/phantomcaptcha-clickfix-attack-targets-ukraine-war-relief-orgs/
🗞️ The Record | https://therecord.media/spacex-disables-starlink-kits-in-myanmar-scam-compounds
🗞️ The Record | https://therecord.media/ransomware-gang-steals-meeting-video-fence-manufacturer
New Threat Research 🔬
- Vidar Stealer 2.0 has been released, rewritten in C with multi-threading, improved anti-analysis checks, and a bypass for Chrome's App-Bound encryption via memory injection, likely increasing its prevalence as Lumma Stealer declines.
- Kaspersky researchers have identified a new, highly sophisticated APT campaign, PassiveNeuron, targeting government, financial, and industrial organisations in Asia, Africa, and Latin America with custom malware families Neursite (modular backdoor) and NeuralExecutor (.NET implant), often leveraging compromised internal servers as C2.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/vidar-stealer-20-adds-multi-threaded-data-theft-better-evasion/
📰 The Hacker News | https://thehackernews.com/2025/10/researchers-identify-passiveneuron-apt.html
Vulnerabilities and Zero-Days 🛡️
- TP-Link has patched four command injection flaws in Omada gateway devices, including two critical RCE vulnerabilities (CVE-2025-6542, CVE-2025-7850) with CVSS scores of 9.3, one of which allows unauthenticated remote exploitation.
- Adobe Commerce (formerly Magento) is seeing active exploitation of the critical SessionReaper vulnerability (CVE-2025-54236), an improper input validation flaw that allows attackers to take over customer accounts without interaction; 62% of stores remain unpatched.
- A high-severity "TARmageddon" flaw (CVE-2025-62518) in the abandoned async-tar Rust library and its forks, including the popular tokio-tar, allows unauthenticated RCE via hidden files in tar archives, posing a significant supply chain risk, with the most downloaded version still unfixed.
- Pwn2Own Ireland Day 2 saw hackers exploit 56 unique zero-day vulnerabilities, earning $792,750, including a chain of five flaws to hack the Samsung Galaxy S25 and exploits against QNAP, Synology, and Phillips Hue Bridge devices.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/tp-link-warns-of-critical-command-injection-flaw-in-omada-gateways/
📰 The Hacker News | https://thehackernews.com/2025/10/tp-link-patches-four-omada-gateway.html
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/hackers-exploiting-critical-sessionreaper-flaw-in-adobe-magento/
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/10/22/vulnerable_rust_crate/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/tarmageddon-flaw-in-abandoned-rust-library-enables-rce-attacks/
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/samsung-galaxy-s25-hacked-on-day-two-of-pwn2own-ireland-2025/
Threat Landscape Commentary 🌍
- GCHQ Director Anne Keast-Butler warned that the UK faces its "most contested and complex" threat environment in decades, with a quadrupling of significant cyberattacks over the past year (four incidents per week), driven by nation-state cooperation, AI advancements, and lower barriers for financially motivated cybercriminals.
🗞️ The Record | https://therecord.media/facing-anne-keast-decades-gchq
Data Privacy and Regulatory Issues ⚖️
- The UK's Information Commissioner's Office (ICO) defended its decision not to investigate a February 2022 Ministry of Defence data leak that exposed details of 33,345 Afghans, citing classified information handling difficulties and not wanting to hinder the MoD's immediate response.
- A new report from the Electronic Privacy Information Center (EPIC) highlights that state attorneys general in the US are increasingly active in privacy enforcement, bringing or settling over 1,200 consumer privacy cases in the last five years, filling a gap due to the absence of a comprehensive federal data privacy law.
- The annual Cyberspace Solarium Commission report concludes that the US is "slipping" on cybersecurity, with federal efforts failing to keep pace with technology, and recommends reversing budget/personnel cuts, strengthening the National Cyber Director's office, and expanding workforce initiatives.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/10/22/ico_afghan_leak_probe/
🗞️ The Record | https://therecord.media/state-ags-enforcement-privacy-law
🤫 CyberScoop | https://cyberscoop.com/cyberspace-solarium-commission-report-budget-workforce-cuts/
Other Noteworthy Updates 🤖
- Meta is rolling out new anti-scam tools for WhatsApp and Messenger, including advanced AI-powered scam detection for suspicious chats on Messenger and warnings for screen sharing during video calls with unknown contacts on WhatsApp.
- An open letter, signed by over 700 individuals including Nobel laureates and tech leaders, calls for a prohibition on the development of "superintelligent" AI until there's broad scientific consensus on safe and controllable development, reflecting growing mainstream concern over potential societal and existential risks.
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/meta-launches-new-anti-scam-tools-for-whatsapp-and-messenger/
🤫 CyberScoop | https://cyberscoop.com/ai-superintelligence-ban-open-letter-future-of-life-harry-meghan-tech-leaders/
#CyberSecurity #ThreatIntelligence #Ransomware #Vulnerabilities #ZeroDay #APT #Malware #DataBreach #Privacy #InfoSec #CyberAttack #IncidentResponse #GCHQ #AI #RustLang #SharePoint #TPLink #Magento #WhatsApp #Messenger
Show Original Post
newstainmentora (@newstainmentora@mastodon.social)
The upcoming 'Mention All' feature for groups on WhatsApp is now accessible to Android beta testers
https://www.newstainmentora.online/2025/10/the-upcoming-mention-all-feature-for.html
#WhatsApp #whatsappbeta #Android #androidbeta
Show Original Post
mindlude (@mindlude@mastodon.social)
Well, well, well... looks like ChatGPT is packing its bags and leaving WhatsApp by January 2026! Policy changes, or maybe just a good old-fashioned AI turf war between OpenAI and Meta? Either way, better migrate those chats now if you want to keep 'em! What's your take on this digital divorce?
#ChatGPT #WhatsApp #AI #TechNews #OpenAI
https://www.engadget.com/ai/chatgpt-in-whatsapp-will-stop-working-in-january-161335173.html?src=rss
Show Original Post