#whatsapp-cve-2025-55177
#whatsapp-cve-2025-55177

Cryptocurrency

Treasury Launches Cybersecurity Initiative Expanding Threat Intelligence Access for Digital Asset Firms

Privacy professionals

NHS Scotland-linked domains push pr0n and illegal streams

fromBoston.com

Healthcare

Signature Healthcare in Brockton hit by cybersecurity incident

fromTechSpot

15 hours ago

Hackers are turning home routers into tools to spy on Microsoft 365 users

Forest Blizzard hackers exploit insecure routers to compromise devices and intercept traffic, targeting Microsoft 365 domains for sensitive data.

Chevin pulls the handbrake on FleetWave after security scare

A major outage of FleetWave affects customers in the UK and US due to cybersecurity precautions taken by Chevin Fleet Solutions.

3 hours ago

Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users

A severe vulnerability in EngageLab's EngageSDK affects cryptocurrency wallet apps, risking exposure of sensitive user information.

Cryptocurrency

Treasury Launches Cybersecurity Initiative Expanding Threat Intelligence Access for Digital Asset Firms

U.S. Treasury expands cybersecurity coordination with digital asset firms to enhance protections and integrate with traditional finance.

NHS Scotland-linked domains push pr0n and illegal streams

Scottish healthcare provider domains have been hijacked to promote adult content and illegal sports streams.

Healthcare

fromBoston.com

Signature Healthcare in Brockton hit by cybersecurity incident

Signature Healthcare is managing a cybersecurity incident, affecting some services while maintaining inpatient and emergency care.

fromTechSpot

15 hours ago

Hackers are turning home routers into tools to spy on Microsoft 365 users

Forest Blizzard hackers exploit insecure routers to compromise devices and intercept traffic, targeting Microsoft 365 domains for sensitive data.

Chevin pulls the handbrake on FleetWave after security scare

A major outage of FleetWave affects customers in the UK and US due to cybersecurity precautions taken by Chevin Fleet Solutions.

Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows

Google's Device Bound Session Credentials enhance security for Chrome users by tying authentication sessions to specific devices, combating session theft.

'Stop Texting': FBI Warning Drives Apple's iPhone Messaging Update - TechRepublic

Apple is adopting a secure version of RCS to enhance messaging security between iPhones and Android devices.

New Apple Scam Hits Millions of iPhone Users Worldwide, Draining Bank Accounts

Apple warns iPhone users about a surge in social engineering scams targeting bank accounts through panic-inducing messages.

Mobile UX

'Stop Texting': FBI Warning Drives Apple's iPhone Messaging Update - TechRepublic

Apple is adopting a secure version of RCS to enhance messaging security between iPhones and Android devices.

New Apple Scam Hits Millions of iPhone Users Worldwide, Draining Bank Accounts

Apple warns iPhone users about a surge in social engineering scams targeting bank accounts through panic-inducing messages.

Security reserchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.

Apple Intelligence AI Guardrails Bypassed in New Attack

Researchers have successfully bypassed Apple's AI safety protocols using adversarial techniques, allowing for the execution of arbitrary tasks and manipulation of private data.

Security reserchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.

Apple Intelligence AI Guardrails Bypassed in New Attack

Researchers have successfully bypassed Apple's AI safety protocols using adversarial techniques, allowing for the execution of arbitrary tasks and manipulation of private data.

more#apple-intelligence

EU data protection

300,000 People Impacted by Eurail Data Breach

Eurail is notifying over 300,000 customers about a data breach that exposed personal information, including names and passport numbers.

Toronto startup

fromAol

Russia sees China's WeChat, Douyin as models for its homegrown Max messenger

Russia aims to develop its Max messaging app by modeling it after Tencent's WeChat and Douyin to enhance its functionality and user base.

Node JS

fromZero Day Initiative

Zero Day Initiative - Node.js Trust Falls: Dangerous Module Resolution on Windows

Node.js module resolution can lead to security vulnerabilities if malicious packages are placed in the root node_modules directory.

fromWIRED

Men Are Buying Hacking Tools to Use Against Their Wives and Friends

Telegram groups facilitate the sale of hacking and surveillance services, promoting abusive content targeting women and girls.

Ransomware knocks Dutch healthcare software vendor offline

A ransomware attack has taken down Dutch healthcare software vendor ChipSoft, affecting its services to hospitals across the country.

fromSecuritymagazine

Ransomware Response: How Businesses Regain Control Under Pressure

Ransomware attacks create urgent pressure, forcing quick decisions and impacting operations, legal obligations, and overall enterprise strategy.

Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems

Medusa ransomware group rapidly exploits vulnerabilities, impacting critical sectors and employing double extortion tactics since June 2021.

Information security

German Police Unmask REvil Ransomware Leader

Healthcare

Ransomware knocks Dutch healthcare software vendor offline

A ransomware attack has taken down Dutch healthcare software vendor ChipSoft, affecting its services to hospitals across the country.

fromSecuritymagazine

Ransomware Response: How Businesses Regain Control Under Pressure

Ransomware attacks create urgent pressure, forcing quick decisions and impacting operations, legal obligations, and overall enterprise strategy.

Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems

Medusa ransomware group rapidly exploits vulnerabilities, impacting critical sectors and employing double extortion tactics since June 2021.

Information security

German Police Unmask REvil Ransomware Leader

Daily briefing: Quantum computers could crack cybersecurity systems before 2030

Quantum computing advancements may threaten cybersecurity systems sooner than expected, potentially compromising encryption methods by the end of the decade.

fromElectronic Frontier Foundation

13 hours ago

Yikes, Encryption's Y2K Moment is Coming Years Early

Google has moved its quantum preparedness deadline for cryptography to 2029 due to advancements in technology.

Information security

The Retroactive Decryption Trap: Why Post-Quantum Upgrades Can't Save Your Past Privacy

Science

fromNature

Daily briefing: Quantum computers could crack cybersecurity systems before 2030

Quantum computing advancements may threaten cybersecurity systems sooner than expected, potentially compromising encryption methods by the end of the decade.

fromElectronic Frontier Foundation

13 hours ago

Yikes, Encryption's Y2K Moment is Coming Years Early

Google has moved its quantum preparedness deadline for cryptography to 2029 due to advancements in technology.

The Retroactive Decryption Trap: Why Post-Quantum Upgrades Can't Save Your Past Privacy

Google's whitepaper on quantum threats urges immediate post-quantum preparations, shifting the migration deadline to 2029 and highlighting vulnerabilities in blockchain security.

more#quantum-computing

Canada news

fromThe Walrus

Why Your Credit Card Is a National Security Threat | The Walrus

Canada needs to develop its own digital payment infrastructure to ensure financial autonomy and protect against foreign control.

US politics

fromArs Technica

4 days ago

CBP facility codes sure seem to have leaked via online flashcards

Immigration offenses and internal systems of CBP are detailed in flashcards, highlighting procedures and responsibilities of agents.

Data Leakage Vulnerability Patched in OpenSSL

Seven vulnerabilities in OpenSSL have been patched, including a moderate severity flaw that can lead to sensitive data leakage.

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

fromArs Technica

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

DevOps

fromInfoWorld

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.

fromArs Technica

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

Google Rolls Out Cookie Theft Protections in Chrome

Google introduces Device Bound Session Credentials in Chrome to enhance security against session cookie theft.

Cryptocurrency

$3.6 Million Stolen in Bitcoin Depot Hack

Bitcoin Depot reported a theft of approximately $3.6 million in bitcoin due to a cyber intrusion into its IT systems.

Node JS

fromNist

NVD

Tinyproxy versions up to 1.11.3 are vulnerable to HTTP request parsing desynchronization due to case-sensitive Transfer-Encoding header comparison.

#whatsapp

fromGSMArena.com

Mobile UX

WhatsApp is gaining noise cancellation for voice and video calls

WhatsApp notifies hundreds of users who installed a fake app that was actually government spyware | TechCrunch

WhatsApp notified 200 users about a malicious fake app containing spyware created by Italian firm SIO.

fromEngadget

Privacy professionals

WhatsApp introduces an advanced security mode to protect against hackers

fromSocial Media Today

Privacy professionals

WhatsApp Adds Advanced Security Setting to Counter OS Level Attacks

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.

Privacy technologies

WhatsApp Boosts Account Security for At-Risk Individuals

fromGSMArena.com

Mobile UX

WhatsApp is gaining noise cancellation for voice and video calls

WhatsApp notifies hundreds of users who installed a fake app that was actually government spyware | TechCrunch

WhatsApp notified 200 users about a malicious fake app containing spyware created by Italian firm SIO.

fromEngadget

Privacy professionals

WhatsApp introduces an advanced security mode to protect against hackers

fromSocial Media Today

Privacy professionals

WhatsApp Adds Advanced Security Setting to Counter OS Level Attacks

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.

Privacy technologies

WhatsApp Boosts Account Security for At-Risk Individuals

Critical Marimo Flaw Exploited Hours After Public Disclosure

A critical vulnerability in Marimo was exploited within hours of its public disclosure, allowing unauthenticated remote code execution.

WireGuard VPN developer can't ship software updates after Microsoft locks account | TechCrunch

WireGuard is locked out of its Microsoft developer account, preventing critical software updates for Windows users.

#fbi

New FBI Warning: Chinese Apps Could Expose User Data

FBI warns Americans about potential data risks from foreign apps, especially those developed in China.

Privacy professionals

FBI Declares Surveillance System Breach a 'Major Incident'

A China-linked breach of an FBI surveillance system has been classified as a major incident, posing significant risks to US national security.

New FBI Warning: Chinese Apps Could Expose User Data

FBI warns Americans about potential data risks from foreign apps, especially those developed in China.

FBI Declares Surveillance System Breach a 'Major Incident'

A China-linked breach of an FBI surveillance system has been classified as a major incident, posing significant risks to US national security.

Guardarian Users Targeted With Malicious Strapi NPM Packages

A supply chain attack targeting the Strapi ecosystem involved 36 malicious NPM packages delivering various harmful payloads.

Cryptocurrency

fromFortune

A quantum threat to Bitcoin has some asking the unthinkable: Is it time to freeze old wallets belonging to Satoshi Nakamoto? | Fortune

Quantum computing poses a significant threat to Bitcoin wallets, particularly those of Satoshi Nakamoto, potentially allowing hackers to access them by 2029.

14 hours ago

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets

A security vulnerability in EngageLab SDK could have exposed millions of cryptocurrency wallet users to unauthorized data access.

Developer of VeraCrypt encryption software says Windows users may face boot-up issues after Microsoft locked his account | TechCrunch

Microsoft has blocked the VeraCrypt developer's account, potentially affecting users' access to their encrypted PCs.

Android Alert: 50 Google Play Apps Linked to 'NoVoice' Malware Reached 2.3M Downloads

NoVoice malware infiltrated Google Play Store, downloaded over 2.3 million times, exposing sensitive data on millions of devices.

16 hours ago

Hackers Exploit Adobe PDF Flaw for Months to Steal Data, No Fix Yet

Attackers exploit a zero-day vulnerability in Adobe Acrobat Reader to steal data and potentially take over systems using malicious PDF files.

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

A new variant of the Phorpiex botnet combines traditional and peer-to-peer communication, facilitating sophisticated malware operations and high-volume spam.

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

Unknown threat actors hijacked the Smart Slider 3 Pro plugin update system to distribute a backdoored version affecting WordPress and Joomla users.

Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover

A critical vulnerability in Ninja Forms allows file uploads that could lead to remote code execution on affected websites.

3 hours ago

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

Unknown threat actors hijacked the Smart Slider 3 Pro plugin update system to distribute a backdoored version affecting WordPress and Joomla users.

Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover

A critical vulnerability in Ninja Forms allows file uploads that could lead to remote code execution on affected websites.

5 telltale signs that your phone has been compromised (and how to combat them)

Phone hacking can be detected through signs like battery drain, slow performance, unfamiliar logins, and reduced storage space.

RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years

A 13-year-old RCE vulnerability in Apache ActiveMQ Classic can be exploited to bypass authentication and execute OS commands.

Adobe Reader Zero-Day Exploited for Months: Researcher

A zero-day vulnerability in Adobe Reader has been discovered, capable of exploiting user data and enabling remote code execution.

22 hours ago

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

A zero-day vulnerability in Adobe Reader is being exploited through malicious PDF documents to harvest sensitive data and execute additional payloads.

Adobe Reader Zero-Day Exploited for Months: Researcher

A zero-day vulnerability in Adobe Reader has been discovered, capable of exploiting user data and enabling remote code execution.

22 hours ago

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

A zero-day vulnerability in Adobe Reader is being exploited through malicious PDF documents to harvest sensitive data and execute additional payloads.

Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access

Google API keys in Android apps can be exploited to access Gemini AI endpoints, risking personal data exposure.

3 weeks ago

Researcher Discovers 4th WhatsApp View Once Bypass; Meta Won't Patch

A researcher discovered a fourth method to bypass WhatsApp's View Once feature using a modified client, which Meta will not patch because it falls outside their security model.

Claude Mythos Is Everyone's Problem

Anthropic has developed a powerful AI tool, Claude Mythos Preview, capable of exploiting major cybersecurity vulnerabilities.

fromwww.theguardian.com

Anthropic says its latest AI model can expose weaknesses in software security

Claude Mythos exposes thousands of software vulnerabilities, prompting Anthropic to limit its release and collaborate with cybersecurity specialists.

fromThe Atlantic

17 hours ago

Claude Mythos Is Everyone's Problem

Anthropic has developed a powerful AI tool, Claude Mythos Preview, capable of exploiting major cybersecurity vulnerabilities.

fromwww.theguardian.com

Anthropic says its latest AI model can expose weaknesses in software security

Claude Mythos exposes thousands of software vulnerabilities, prompting Anthropic to limit its release and collaborate with cybersecurity specialists.

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Anthropic's Project Glasswing uses Claude Mythos to identify and address cybersecurity vulnerabilities, surpassing human capabilities in some instances.

'BlueHammer' Exploit Targets Windows, Potentially Impacting 1 Billion+ Devices

A security researcher released exploit code for a Windows zero-day vulnerability called BlueHammer, allowing privilege escalation without an official Microsoft patch.

Hundreds compromised daily in Microsoft device code phishes

A Microsoft device-code phishing campaign is compromising hundreds of organizations daily, utilizing AI and automation to steal financial data.

The Hidden Cost of Recurring Credential Incidents

Credential incidents cause significant operational costs and disruptions, impacting IT teams and overall business productivity beyond just breach prevention.

Severe StrongBox Vulnerability Patched in Android

The latest Android security updates address two vulnerabilities: a critical DoS issue and a high-severity flaw in StrongBox.

Evasive Masjesu DDoS Botnet Targets IoT Devices

Masjesu is a botnet targeting IoT devices for DDoS attacks, active since 2023 and primarily advertised on Telegram.

fromTechzine Global

New vulnerabilities affect printing software on Linux and Unix

Two new vulnerabilities in CUPS allow remote code execution and full system control without login credentials.

Critical Flowise Vulnerability in Attacker Crosshairs

A critical vulnerability in Flowise allows remote code execution, posing severe security risks to systems and sensitive data.

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

A critical security flaw in Flowise allows remote code execution, posing severe risks to business continuity and customer data.

Critical Flowise Vulnerability in Attacker Crosshairs

A critical vulnerability in Flowise allows remote code execution, posing severe security risks to systems and sensitive data.

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

A critical security flaw in Flowise allows remote code execution, posing severe risks to business continuity and customer data.

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

A campaign targets ComfyUI instances for cryptocurrency mining and botnet enlistment through remote code execution exploits.

[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk

Identity programs are maturing, yet the risk from disconnected applications and AI agents is increasing for enterprises.

fromTechzine Global

Cloudflare accelerates post-quantum roadmap

Cloudflare plans to achieve full post-quantum security by 2029, prioritizing authentication systems due to emerging quantum computing threats.

The New Rules of Engagement: Matching Agentic Attack Speed

AI-enabled cyberattacks are currently occurring, with significant impacts on organizations and a widening gap between attackers and defenders.

#fortinet

Information security

Attackers exploited the FortiClient EMS bug as a 0-day

New Fortinet Flaw Allows Unauthorized Access to Enterprise Systems

A critical FortiClient EMS vulnerability allows unauthenticated attackers to bypass protections and execute unauthorized commands on systems.

5 days ago

Information security

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Attackers exploited the FortiClient EMS bug as a 0-day

Fortinet released an emergency patch for a critical vulnerability in FortiClient EMS, which is being actively exploited.

New Fortinet Flaw Allows Unauthorized Access to Enterprise Systems

A critical FortiClient EMS vulnerability allows unauthenticated attackers to bypass protections and execute unauthorized commands on systems.

5 days ago

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

Fortinet released patches for a critical vulnerability in FortiClient EMS, allowing unauthenticated attackers to execute unauthorized commands.

Meta Pauses Work With Mercor After LiteLLM-Linked Data Breach - TechRepublic

Meta has paused work with Mercor due to a security breach linked to the LiteLLM supply chain attack.

Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

WhatsApp messages are being exploited to deliver malware to Windows users, creating significant security risks.

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation exploits the React2Shell vulnerability to steal sensitive data from compromised hosts across multiple regions.

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

Critical ShareFile Flaws Lead to Unauthenticated RCE

Two critical vulnerabilities in ShareFile could allow unauthenticated remote code execution through improper access to configuration pages.

fromComputerworld

2 weeks ago

Chrome encryption bypass discovered: New malware steals passwords and cookies

The bypass requires neither privilege escalation nor code injection, making it a stealthier approach compared to alternative ABE bypass methods.

Information security