VulnHub

A security researcher has discovered a vulnerability in WhatsApp that allows users to bypass the app's 'View Once' feature, which is designed to make images and videos disappear after being viewed. This issue arises from the use of a modified client application, and Meta, the parent company of WhatsApp, has stated it will not release a patch for this vulnerability. The decision not to address the flaw raises concerns about user privacy, as it undermines the security feature intended to protect sensitive media. Users who rely on this feature for confidential communications may be at risk of having their private content saved and shared without consent. The vulnerability's existence highlights the potential for modified applications to exploit weaknesses in popular messaging platforms.

According to a recent report by Gartner, security teams should prioritize their involvement in artificial intelligence (AI) projects to prevent expensive incident response efforts in the future. The research suggests that by 2028, AI-related issues will account for half of all incident response activities. This shift highlights the growing intersection between cybersecurity and AI, emphasizing that companies need to integrate security considerations from the outset of AI development. Failing to do so could lead to significant vulnerabilities and costly breaches. As AI technology becomes more prevalent in various sectors, understanding its risks and preparing for potential security incidents will be crucial for organizations.

The ongoing conflict in Iran is expected to extend, leading to an increase in cyber threats and potential disruptions in energy supply across the region. Companies operating in the Middle East may face heightened risks as tensions escalate. Cybersecurity experts are warning that this situation could result in more frequent and severe cyberattacks aimed at critical infrastructure and private enterprises. The implications of such attacks could be wide-ranging, impacting not just local businesses but also global markets and energy prices. Stakeholders in the region are advised to bolster their cybersecurity measures to mitigate potential risks.

Online fraud is becoming a significant issue globally, with losses reaching $442 billion, according to INTERPOL's latest report. The increase is attributed to the rise of digital tools and organized crime networks that operate internationally. Between 2024 and 2025, there was a 54% increase in fraud-related notices, indicating a growing number of victims affected by these scams. The report categorizes financial fraud as one of the top five global crime threats, emphasizing the need for better security measures and awareness. The surge in fraud impacts individuals and businesses alike, highlighting the urgency for enhanced protective strategies in the digital space.

A recent report by SailPoint, which surveyed 333 IT decision-makers in the UK, reveals a significant security risk for businesses: 77% of organizations do not deactivate accounts of former employees in a timely manner. This oversight can leave sensitive data vulnerable to unauthorized access, as ex-employees may still have the ability to access company systems. The failure to manage identity security effectively could result in data breaches, potentially exposing businesses to severe financial and reputational damage. Companies must prioritize timely account deactivation protocols to protect their data and maintain compliance with data protection regulations. This situation is particularly concerning as it highlights a widespread issue that could affect numerous organizations across various sectors.

On March 13, the WebFiling service of Companies House was taken offline after a security issue was discovered that exposed sensitive data of company directors. This incident raises concerns about the privacy and security of personal information for those listed as directors, as it could potentially be misused by malicious actors. Companies House, which is responsible for registering company information in the UK, has not provided detailed information about the nature of the data that was exposed or how many individuals were affected. The downtime of the service indicates a proactive measure to prevent further unauthorized access. This situation emphasizes the importance of maintaining secure systems, especially when handling sensitive personal data.

Intuitive has reported a data breach resulting from a phishing attack that compromised sensitive information. The stolen data includes customer business and contact details, as well as employee and corporate data. This breach could potentially expose affected individuals and businesses to identity theft and fraud. Phishing attacks are a common tactic used by cybercriminals to gain unauthorized access to systems, making this incident a reminder of the constant need for vigilance in cybersecurity practices. Organizations are encouraged to review their security protocols and educate employees about recognizing phishing attempts to mitigate future risks.

As ransomware payments decline to historic lows, attackers are changing their tactics to adapt to the shrinking market. Research indicates that many ransomware actors are moving away from using sophisticated tools like Cobalt Strike and are instead relying on native Windows tools to carry out their attacks. This shift comes as the frequency of data theft incidents is increasing, suggesting that attackers are looking for ways to maintain their profitability despite the challenges. The implications of this trend are concerning for organizations, as it may lead to more widespread and varied attacks that are harder to detect and defend against. Companies need to stay vigilant and adapt their security measures to counter these evolving threats.

A phishing attempt targeting a C-suite executive at cybersecurity firm Outpost24 recently came to light. The attackers used trusted brands and domains to trick the executive into revealing their login credentials. Although the attack was ultimately unsuccessful, it raises concerns about the vulnerabilities even experienced professionals face when dealing with sophisticated phishing schemes. This incident serves as a reminder for organizations to remain vigilant and reinforce security training, particularly for high-level staff who are often prime targets for attackers. The tactics employed in this case reflect the evolving strategies of cybercriminals, making it crucial for companies to continually update their defenses against such threats.