WhatsApp Leaks User Metadata to Attackers
Strangers can infer limited info about you without knowing or messaging you, which could theoretically aid certain kinds of malicious activity.
Stay informed on the latest Facebook security updates and protect your personal data with expert analysis and tips on our Information Security tag.
Search across headline titles and summaries.
Background for this topic.
Facebook is a social networking platform for user profiles, messaging, groups, pages, and content sharing, delivered through web and mobile clients and interfaces for third-party applications. Its security relevance comes from concentrating identity, relationships, communications, and personal data in a connected account ecosystem; compromise can expose private content or enable impersonation and targeted social engineering.
Security coverage includes vulnerabilities in Facebook’s clients, APIs, authentication, and account-recovery workflows, along with abuse of messages, groups, applications, and advertising features to distribute phishing or malicious links. Practitioners should distinguish platform flaws from credential theft or fraudulent content, assessing advisories by affected component, exploitability, and required updates. Privacy controls and third-party permissions reduce exposure but do not replace unique credentials, multi-factor authentication, session review, and prompt reporting; investigations may also require platform logs and preserved account or message evidence.
Weekly headline count for the current query.
Strangers can infer limited info about you without knowing or messaging you, which could theoretically aid certain kinds of malicious activity.
Water Saci has upgraded its self-propagating malware to compromise banks and cryptocurrency exchanges by targeting enterprise users of the popular chat app.
The infostealer specifically targets Brazilian Portuguese speakers and combines malware designed to phish banking credentials and steal data, a worm, and some uniquely Brazilian quirks.
Attackers compromise hospitality providers with an infostealer and RAT malware and then use stolen data to launch a phishing attacks against customers via both email and WhatsApp.
NSO Group must pay $4 million in damages and is permanently prohibited from reverse-engineering WhatsApp or creating new accounts after targeting users with spyware.
The enterprise-focused Water Saci campaign spreads Sorvepotel, which can steal credentials and monitor browser activity to defraud financial institutions in the region.
A "sophisticated" attack that also exploits an Apple zero-day flaw is targeting a specific group of iPhone users, potentially with spyware.
Signal, Wickr, WhatsApp, and Cape all have different approaches to security and privacy, yet most are finding ways to make secure communications more private.
A Libya-linked threat actor has resurfaced, using the same old political phishing tricks to deliver AsyncRAT that have worked for years.
Freshly released court documents reveal new details on controversial Israeli spyware firm's operations.
Meta has maintained that Facebook did not mislead investors by not including mention of the Cambridge Analytica scandal in its forward-looking risk disclosures, but the plaintiffs say it was a glaring omission.
The threat actors deceive their victims by impersonating the legal teams of companies, well-known Web stores, and manufacturers.
For three years now, more than a thousand social media accounts have been reposting the same pro-India, anti-Pakistan content on Facebook and X.
According to the researchers, roughly 250 fake advertisements appeared on platforms like Facebook and Instagram, and some are reportedly still up and running.
A malvertising campaign uses phishing to steal legitimate account pages, with the endgame of delivering the Lumma stealer.
As the social media giant celebrates its two-decade anniversary, privacy experts reflect on how it changed the way the world shares information.
A tangled web of attackers use various social media tactics to propagate the novel threat, which has several execution methods and exfiltrates data to Telegram.
Scammers are targeting multiple brands with "job offers" on Meta's social media platform, that go as far as to offer what look like legitimate job contracts to victims.
Researchers discovered spyware designed to steal from Android devices and from Telegram mods can also reach WhatsApp users.
Norway wants to permanently ban the owner of Facebook and Instagram from collecting sensitive user data across Europe, saying its current policies violate GDPR rules.