maik (@maik@norden.social)
#WhatsApp hat eine Sicherheitslücke geschlossen, die es Hackern ermöglichte, über kompromittierte Nachrichten ohne Nutzeraktion schädlichen Code auf iOS und macOS auszuführen.
https://www.heise.de/news/Zero-Click-Angriff-auf-Apple-Geraete-via-WhatsApp-10626629.html
Show Original Post
westsibe (@westsibe@mastodon.social)
Ну что, завтра оф.презентация нац.мессенджера #Max , ждём «пессимизацию» #WhatsApp , обещанную зампредом правительства А. Горелкиным и читаем инструкцию к #Signal #Messenger – https://surl.li/xfuxrg (txt, 9kB), имеющим два встроенных вида по обходу блокировок #РКН плюс #VPN (по желанию)…
–Это на случай, если кто-то так и не ознакомился.
И да, там есть печеньки (группы без палева тел.номеров другим):
https://surl.li/iedipb (>185 чел.), https://surl.li/oarmnk (>14 чел.)
@Russia @rf @rur
Show Original Post
ErikvanStraten (@ErikvanStraten@infosec.exchange)
❝WhatsApp dicht lek gebruikt om Apple-gebruikers met spyware te infecteren
zaterdag 30 augustus 2025, 22:18 door Redactie, 4 reacties
WhatsApp heeft een kwetsbaarheid in de chatapp gedicht die actief is misbruikt om Apple-gebruikers met spyware te infecteren. Het ging hierbij om een zogenoemde zeroclick-aanval, waarbij er geen enkele interactie van het slachtoffer is vereist om die met spyware te infecteren, zo laat Donncha Ó Cearbhaill weten, hoofd van het Security Lab van Amnesty International. De aanvaller hoefde alleen een bericht naar slachtoffers te sturen. WhatsApp adviseert slachtoffers in een waarschuwing dat het verstandig is een fabrieksreset uit te voeren.
❞ https://www.security.nl/posting/903008/WhatsApp+dicht+lek+gebruikt+om+Apple-gebruikers+met+spyware+te+infecteren
Merk op: dat laatste moet je alleen doen indien Meta (eigenaar van WhatsApp) je een bericht heeft gestuurd dat jouw iPhone gecompromitteerd is! Zie ook het Engelstalige artikel in https://techcrunch.com/2025/08/29/whatsapp-fixes-zero-click-bug-used-to-hack-apple-users-with-spyware/.
Andere iPhone/iPad gebruikers: check of de laatste iOS/iPadOS update is geïnstalleerd!
Ten slotte: elke app kan dit soort bugs bevatten, dát is niet direct een reden om over te stappen op bijv. Signal of Threema. Maar dat overstappen is wél een goed idee, voor jezelf - en voor iedereen in jouw contactenlijst (ook bewuste WhatsApp-NIET-gebruikers), want Meta kopiejat die lijst regelmatig van jouw telefoon. Weten wie wie kent is big business!
#WhatsApp #Meta #Privacy #InfoSec #RCE
Show Original Post
soc_goulash (@soc_goulash@infosec.exchange)
Morning, cyber pros! It's been a bit quiet over the last 24 hours, but we've still got some critical updates to chew on. We're looking at a nasty WhatsApp zero-day, some clever abuse of forensic tools for C2, and a new infostealer campaign leveraging fake PDF editors. Let's dive in:
Actively Exploited Zero-Days in WhatsApp and Apple ⚠️
- WhatsApp has patched CVE-2025-55177, a vulnerability in its iOS and macOS apps, which may have been exploited in the wild.
- This flaw, related to insufficient authorisation of linked device sync messages, is believed to have been chained with Apple's CVE-2025-43300, an ImageIO out-of-bounds write, for targeted zero-click attacks.
- Amnesty International confirmed WhatsApp notified targeted individuals, including civil society members, suggesting an advanced spyware campaign. Users should factory reset and keep all software updated.
🤔 The Hacker News | https://thehackernews.com/2025/08/whatsapp-issues-emergency-update-for.html
New Tradecraft: Velociraptor Abuse, Teams Phishing, and Infostealer Campaigns 🛡️
- Threat actors are evolving their living-off-the-land tactics by abusing legitimate tools like Velociraptor, an open-source forensic platform, to establish C2 tunnels and deploy Visual Studio Code.
- We're also seeing a rise in Microsoft Teams phishing, where attackers impersonate IT help desks to deliver remote access tools and PowerShell payloads for credential theft and RCE, bypassing traditional email defences.
- A new infostealer, "TamperedChef," is being distributed via fraudulent PDF editing apps promoted through Google ads, with the malicious payload activated days after installation to evade initial detection. Some of these apps also turn user systems into residential proxies.
🤔 The Hacker News | https://thehackernews.com/2025/08/attackers-abuse-velociraptor-forensic.html
🤖 Bleeping Computer | https://www.bleepingcomputer.com/news/security/tamperedchef-infostealer-delivered-through-fraudulent-pdf-editor/
#CyberSecurity #InfoSec #ThreatIntelligence #ZeroDay #Vulnerability #WhatsApp #Apple #Malware #Infostealer #Velociraptor #MicrosoftTeams #Phishing #SocialEngineering #LotL #IncidentResponse
Show Original Post
heiseonlineenglish (@heiseonlineenglish@social.heise.de)
Zero-click attack on Apple devices via WhatsApp
WhatsApp reports a closed vulnerability that allows vulnerable iOS and macOS devices to be attacked by spyware without user confirmation.
#Apple #iOS #IT #macOS #Security #Sicherheitslücken #WhatsApp #news
Show Original Post
slmoon (@slmoon@troet.cafe)
WhatsApp so: Du kannst die Gruppe stummschalten aber berkommst dennoch Benachrichtigungen wenn jemand dich erwähnt
WAS SOLL DENN DIESER SCHEIß
Show Original Post
studioinkdesignbr (@studioinkdesignbr@mastodon.social)
✨ WhatsApp Resolve Vulnerabilidade Crítica para Usuários de Apple!
📝 Boa notícia para quem usa WhatsApp no iPhone! A plataforma acaba de corrigir uma falha de segurança que poderia afetar a privacidade dos usuários. Fique por dentro das melhorias e saiba como se proteger melhor no seu dia a dia digital. Clique no link e descubra tudo!
.
.
.
#SegurançaDigital #WhatsApp #Apple
https://inkdesign.com.br/whatsapp-corrige-falha-de-seguranca-afetando-usuarios-apple/?fsp_sid=132813
Show Original Post
niavy (@niavy@masto.bike)
Ah, tiens...
Un des responsables de mon assemblée religieuse qui m'envoie un lien d'invitation WhatsApp 😁.
Faudra que je lui dise que non 😅. "Oui, mais tu manques des infos et on peut pas te rajouter dans ton groupe d'évangélisation"
Ah, oui, bien sûr 🤔. Mais...
Non, en fait. Je suis bien, sans WhatsApp 😆. Sans Messenger. Sans Facebook. Sans Instagram 😁.
(Mais derrière, je reçois par SMS la copie d'un message de groupe. J'apprécie 😊)
Show Original Post
guardingpearsoftware (@guardingpearsoftware@mastodon.social)
#WhatsApp revealed it had uncovered a sophisticated cyber-espionage campaign that exploited a zero-day vulnerability in both its app and #Apple devices to carry out attacks. Some members of civil society groups appear to have been affected.
The company has since fixed the vulnerabilities and has been issuing threat alerts to individuals it believes were targeted by the spyware campaign over the past 90 days.
Show Original Post
randy_ (@randy_@social.linux.pizza)
A hot conversation I overheard with people from work… WhatsApp might start charging you for using it… and there’s a potential new law that European governments are allowed to read all your messages, including those on apps like Signal.
Signal has announced that they will leave Europe if this law takes effect.
Of course, I need to know what we can do about this to keep our privacy… or is this the end of our free speech?
Would Threema and Wire be affected as well?
#WhatsApp
#PrivacyConcerns
#Signal
#FreeSpeech
#Threema
#Wire
#EuropeanLaw
Show Original Post
lavanyadeepak (@lavanyadeepak@mastodon.social)
#Kumbhipakam -- For those who torture, kill and/or eat harmless innocent animals/birds
Photo/Images: #Whatsapp
Show Original Post
technadu (@technadu@infosec.exchange)
🚨 Cybersecurity Updates 🚨
- WhatsApp zero-day (CVE-2025-55177) patched after active exploitation.
- CISA KEV adds Sangoma FreePBX auth-bypass (CVE-2025-57819).
- U.S. seizes VerifTools fake ID hub tied to $6.4M fraud.
Stay patched. Stay aware.
#CyberSecurity #WhatsApp #ZeroDay
Show Original Post