Pierluigi Paganini
December 27, 2025
An NPM package with over 56,000 downloads stole WhatsApp credentials, hid its activity, and installed a backdoor. Koi Security researchers warned that the NPM package ‘Lotusbail’, a WhatsApp Web API library and fork of ‘Baileys’, has been stealing users’ credentials and data. The package has been available for six months and has had over 56,000 […]
Pierluigi Paganini
December 18, 2025
Attackers abuse WhatsApp’s device-linking feature to hijack accounts via pairing codes in the GhostPairing campaign. Attackers are exploiting WhatsApp’s device-linking feature to hijack accounts using pairing codes in a campaign dubbed GhostPairing, without requiring authentication. Gen Digital first observed the GhostPairing campaign in Czechia, but warns that it can spread globally via compromised accounts. The […]
Pierluigi Paganini
November 25, 2025
CISA warns that threat actors are actively using commercial spyware and RATs to target users of mobile messaging apps WhatsApp and Signal. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of threat actors using commercial spyware and remote access trojans (RATs) to target users of popular instant messaging applications, including WhatsApp and Signal. […]
Pierluigi Paganini
November 20, 2025
Researchers disclosed a WhatsApp flaw that exposed 3.5B accounts. Meta has patched it to prevent this mass enumeration. A team of researchers at the University of Vienna found a WhatsApp flaw that could scrape 3.5 billion accounts. Meta has since patched the vulnerability to block this enumeration technique. Users discover contacts by querying WhatsApp servers […]
Pierluigi Paganini
August 29, 2025
WhatsApp warns users targeted by advanced spyware, sending threat notifications to affected individuals from the past 90 days. A new zero-click exploit used to hack WhatsApp users, reported Donncha Ó Cearbhaill, Head of Security Lab at @AmnestyTech. WhatsApp has just sent out a round of threat notifications to individuals they believe were targeted by an […]
Pierluigi Paganini
August 06, 2025
WhatsApp removed 6.8M accounts linked to global scam centers, mainly in Cambodia, in a crackdown with Meta and OpenAI. Meta announced that WhatsApp has removed 6.8 million accounts tied to criminal scam centers, mainly in Cambodia, in a joint effort with OpenAI. Scam centers run multiple schemes, often requiring upfront payment for fake returns. Fraudulent […]
Pierluigi Paganini
August 01, 2025
Meta backs Pwn2Own Ireland 2025 in Cork, offering up to $1M for WhatsApp exploits; targets include phones and wearables, Oct 21–24 via Zero Day Initiative. Meta is sponsoring ZDI’s Pwn2Own Ireland 2025 hacking competition, where participants can earn big prizes for smartphone, WhatsApp and wearable device exploits. Participants can earn up to $1 million for […]
Pierluigi Paganini
June 24, 2025
The U.S. House banned WhatsApp on official devices over security concerns, citing risks flagged by the Chief Administrative Officer. The U.S. House has banned WhatsApp on government devices due to data security concerns. Similar restrictions apply to AI tools like ChatGPT, ByteDance apps, and Microsoft Copilot. “nuto has deemed WhatsApp a high-risk to users due […]
Pierluigi Paganini
April 24, 2025
WhatsApp adds Advanced Chat Privacy feature that allows users to block others from sharing chat content outside the app. WhatsApp announced the availability of a new feature called “Advanced Chat Privacy” for both individual and group chats that enhances content protection. The feature blocks chat exports, auto-media downloads, and the use of messages in AI […]
Pierluigi Paganini
April 08, 2025
WhatsApp addressed a flaw, tracked as CVE-2025-30401, that could allow attackers to trick users and enable remote code execution. WhatsApp released a security update to address a vulnerability, tracked as CVE-2025-30401, that could let attackers trick users and enable remote code execution. The spoofing flaw impacts WhatsApp for Windows before version 2.2450.6. An attacker could […]
