Attackers are exploiting WhatsApp's device-linking feature to hijack accounts using a method called GhostPairing. Victims are tricked into linking their accounts to an attacker's browser through fake messages and deceptive login pages, granting the attackers full access to their conversations and media.

Researchers found a significant security flaw in WhatsApp that allowed hackers to easily access phone numbers and some profile information for all 3.5 billion users. Despite being warned about the issue since 2017, Meta only implemented a fix in October 2023. Users are urged to review their privacy settings to protect their information.

The lotusbail npm package masquerades as a legitimate WhatsApp API library but contains sophisticated malware that steals user credentials, messages, and contacts. It captures data by intercepting communications and uses custom encryption to evade detection. Even after uninstalling the package, attackers retain access to compromised accounts.

WhatsApp has integrated Rust to improve security in its media handling, protecting users from potential malware threats. This upgrade follows lessons learned from past vulnerabilities, enabling faster and safer media sharing across billions of devices.

WhatsApp has launched a new feature called Strict Account Settings, which allows users to enhance their privacy with a single toggle. This mode restricts various functionalities, making users less visible and enabling stronger security measures. Additionally, Meta has replaced an old media-handling library with a new one built in Rust for better security.

WhatsApp has introduced advanced privacy features that allow users to control who can see their last seen status, profile photo, and about information. These updates aim to enhance user privacy and provide more options for managing visibility within the app. Additionally, WhatsApp emphasizes its commitment to user security with end-to-end encryption for messages.

The Zero Day Initiative is offering a $1 million reward for a zero-click WhatsApp exploit at the Pwn2Own Ireland 2025 contest, co-sponsored by Meta. The competition will take place from October 21 to October 24 in Cork, Ireland, featuring various categories targeting multiple technologies and emphasizing the importance of identifying vulnerabilities before they can be exploited by malicious actors.

The U.S. House of Representatives has banned the use of WhatsApp on government devices due to security concerns. This decision reflects ongoing worries about data privacy and the potential for foreign interference through widely-used messaging applications. Agencies are now required to use alternative communication methods that meet security standards.

WhatsApp has released an emergency update to address a critical security vulnerability that could allow attackers to exploit the app and execute malicious code remotely. Users are urged to update to the latest version to protect their accounts and devices from potential threats. The update aims to enhance overall security and user safety.

A critical flaw in the Windows version of WhatsApp has been discovered, allowing hackers to exploit the application and potentially sneak in malicious files. Users are advised to update their software immediately to protect against these vulnerabilities and safeguard their data.

WhatsApp is testing a new feature that allows users to log out of their accounts directly from the app, addressing concerns about account security and privacy. This beta feature aims to provide a more flexible way for users to manage their sessions, especially on shared devices. Users will have the option to log out without needing to uninstall the app or remove their account permanently.

Meta has enhanced scam protection features on its messaging platforms, WhatsApp and Messenger, to combat increasing fraudulent activities. These updates aim to bolster user security and provide better tools for identifying and reporting scams. The initiative reflects Meta's commitment to creating a safer online environment for its users.