India gives WhatsApp three days to defend username rollout amid security fears
Government of the messenger's largest market demands a pause while Meta explains how it plans to stop impersonators
Stay informed on the latest Facebook security updates and protect your personal data with expert analysis and tips on our Information Security tag.
Search across headline titles and summaries.
Background for this topic.
Facebook is a social networking platform for user profiles, messaging, groups, pages, and content sharing, delivered through web and mobile clients and interfaces for third-party applications. Its security relevance comes from concentrating identity, relationships, communications, and personal data in a connected account ecosystem; compromise can expose private content or enable impersonation and targeted social engineering.
Security coverage includes vulnerabilities in Facebook’s clients, APIs, authentication, and account-recovery workflows, along with abuse of messages, groups, applications, and advertising features to distribute phishing or malicious links. Practitioners should distinguish platform flaws from credential theft or fraudulent content, assessing advisories by affected component, exploitability, and required updates. Privacy controls and third-party permissions reduce exposure but do not replace unique credentials, multi-factor authentication, session review, and prompt reporting; investigations may also require platform logs and preserved account or message evidence.
Weekly headline count for the current query.
Government of the messenger's largest market demands a pause while Meta explains how it plans to stop impersonators
Zuckercorp says surveillance-for-hire vendor was still running phishing operations after federal court told it to knock it off
How to avoid social engineering attacks? Employee training tops the list Be careful what you click on. Miscreants are abusing WhatsApp messages in a multi-stage attack that delivers malicious Microsoft Installer (MSI) packages, allowing criminals to control victims' machines and access all of their data.…
Dutch spies flag large-scale campaign to hijack secure messaging accounts Russian-linked hackers are trying to break into the Signal and WhatsApp accounts of government officials, journalists, and military personnel globally – not by cracking encryption, but by simply tricking people into handing over the keys.…
Meta also replaces a legacy C++ media-handling security library with Rust Users of Meta's WhatsApp messenger looking to simplify the process of protecting themselves are in luck, as the company is rolling out a new feature that combines multiple security settings under a single, toggleable option. …
And it's especially dangerous because the code works A malicious npm package with more than 56,000 downloads masquerades as a working WhatsApp Web API library, and then it steals messages, harvests credentials and contacts, and hijacks users' WhatsApp accounts.…
Attackers sidestep encryption with spoofed apps and zero-click exploits to compromise 'high-value' mobile users CISA has warned that state-backed snoops and cyber-mercenaries are actively abusing commercial spyware to break into Signal and WhatsApp accounts, hijack devices, and quietly rummage through the phones of what the agency calls "high-value" users.…
Two-day exploit opened up 3.5 billion users to myriad potential harms Researchers in Austria used a flaw in WhatsApp to gather the personal data of more than 3.5 billion users in what they believe amounts to the "largest data leak in history."…
One company alone was hit with more than 4,200 emails More than 5,000 businesses that use Facebook for advertising were bombarded by tens of thousands of phishing emails in a credential- and data-stealing campaign.…
Tech evolved from PoC to global campaign in under two months An attack called FileFix is masquerading as a Facebook security alert before ultimately dropping the widely used StealC infostealer and malware downloader.…
A similar vuln on Apple devices was used against 'specific targeted users' Samsung has fixed a critical flaw that affects its Android devices - but not before attackers found and exploited the bug, which could allow remote code execution on affected devices.…
Meta shrugs off allegations of improper dismissal, ignoring privacy and security WhatsApp's former head of security, Attaullah Baig, has filed a lawsuit against its parent company, Meta, alleging that the social media megalith retaliated against him for reporting security failings that violated legal commitments.…
PLUS: Microsoft ends no-MFA Azure access; WorkDay attack diverts payments; FreePBX warns of CVSS 10 flaw; and more Infosec In brief A flaw in Meta's WhatsApp app “may have been exploited in a sophisticated attack against specific targeted users.”…
PLUS: Crypto mixer founders plead guilty; Another French telco hacked; Meta fights WhatsApp scams; And more! Infosec In Brief A critical vulnerability in the on-prem version of Trend Micro's Apex One endpoint security platform is under active exploitation, the company admitted last week, and there's no patch available.…
Privacy campaigner Max Schrem's NOYB is back on Zuck's back Meta's enthusiasm for training its AI on user data is not shared by the users themselves – at least for some Europeans – according a study commissioned by Facebook legal nemesis Max Schrems and his privacy advocacy group Noyb.…
Persians added snooping capabilities to DCHSpy after Israeli bombs fell Four new samples of Android spyware linked to the Iranian Ministry of Intelligence and Security (MOIS) that collects WhatsApp data, records audio and video, and hunts for files by name, surfaced shortly after the Iran-Israel conflict began.…
Charming Kitten unsheathes its claws and tries to catch credentials The cyber-ops arm of Iran's Islamic Revolutionary Guard Corps has started a spear-phishing campaign intent on stealing credentials from Israeli journalists, cybersecurity experts, and computer science professors from leading Israeli universities.…
Don’t trust mystery digits popping up in your search bar Scammers are hijacking the search results of people needing 24/7 support from Apple, Bank of America, Facebook, HP, Microsoft, Netflix, and PayPal in an attempt to trick victims into handing over personal or financial info, according to Malwarebytes senior director of research Jérôme Segura.…
Giving people the power to build community and bring the world closer together so we can shoot them Meta has partnered with Anduril Industries to build augmented and virtual reality devices for the military, eight years after it fired the defense firm's founder, Palmer Luckey.…
Millions may fall for it - and end up with malware instead A group of miscreants tracked as UNC6032 is exploiting interest in AI video generators by planting malicious ads on social media platforms to steal credentials, credit card details, and other sensitive info, according to Mandiant.…