VulnHub

WhatsApp recently disclosed two vulnerabilities that could pose risks to its users. The first is a file spoofing issue, which could allow attackers to disguise a malicious file as a legitimate one. The second vulnerability involves an arbitrary URL scheme that could lead to unwanted actions when users click on certain links. These vulnerabilities were reported to Meta through their bug bounty program and have been addressed in updates released earlier this year. Users of WhatsApp should ensure their app is updated to maintain security, as these vulnerabilities could potentially be exploited if left unpatched.

The European Commission has accused Meta of failing to properly manage the risks associated with children under 13 accessing its platforms, which is a serious concern for child safety online. The allegations suggest that Meta did not effectively identify or address potential dangers for younger users, raising questions about the company's compliance with the Digital Services Act (DSA). This scrutiny comes amid growing concerns about the protection of minors on social media and the responsibilities of tech companies to safeguard this vulnerable group. If found in violation, Meta could face significant penalties and be required to implement stricter safety measures. This situation emphasizes the ongoing debate about how to balance user engagement with the safety of young internet users.

U.S. Senator Chuck Grassley is investigating eight major tech companies for potentially failing to properly report instances of child sexual abuse material (CSAM). The companies under scrutiny include Meta, Amazon AI Services, TikTok, Snapchat, Discord, X.AI, Grindr, and Roblox. This inquiry follows concerns about how these platforms handle and report CSAM, which is a significant issue given the potential harm to children and the legal obligations these companies have. Grassley's investigation aims to ensure that these tech giants are held accountable for their reporting practices and that they take necessary steps to protect vulnerable users. The outcome of this probe could lead to stricter regulations and oversight of how online platforms manage and report such sensitive content.

A security researcher has discovered a vulnerability in WhatsApp that allows users to bypass the app's 'View Once' feature, which is designed to make images and videos disappear after being viewed. This issue arises from the use of a modified client application, and Meta, the parent company of WhatsApp, has stated it will not release a patch for this vulnerability. The decision not to address the flaw raises concerns about user privacy, as it undermines the security feature intended to protect sensitive media. Users who rely on this feature for confidential communications may be at risk of having their private content saved and shared without consent. The vulnerability's existence highlights the potential for modified applications to exploit weaknesses in popular messaging platforms.

The ongoing conflict in Iran is expected to extend, leading to an increase in cyber threats and potential disruptions in energy supply across the region. Companies operating in the Middle East may face heightened risks as tensions escalate. Cybersecurity experts are warning that this situation could result in more frequent and severe cyberattacks aimed at critical infrastructure and private enterprises. The implications of such attacks could be wide-ranging, impacting not just local businesses but also global markets and energy prices. Stakeholders in the region are advised to bolster their cybersecurity measures to mitigate potential risks.

Meta has taken significant action against scam operations by disabling over 150,000 accounts linked to scam centers in Asia. This initiative is part of a broader effort to combat online fraud, which has increasingly targeted users on social media platforms. By disrupting these centers, Meta aims to protect its users from scams that can lead to financial loss and identity theft. The company also launched new protection tools to enhance user safety and prevent future scams. This response reflects the growing challenge of online scams and the need for tech companies to actively safeguard their platforms.

The article raises concerns about privacy related to Ray-Ban smart glasses equipped with Meta's technology. Security experts warn that these glasses have the potential to record video and capture images without the knowledge of those nearby. This capability could lead to unauthorized surveillance, making people feel uncomfortable or unsafe in public spaces. As wearable technology becomes more integrated into daily life, users and bystanders alike need to be aware of the risks associated with devices that can secretly record their surroundings. The discussion emphasizes the importance of understanding how these devices operate and the implications for personal privacy.

The European Commission is taking action against Meta, alleging that the company violated EU competition laws by restricting access to WhatsApp for third-party AI assistants. In a change announced on October 15, 2025, Meta updated its WhatsApp Business Solution Terms, effectively preventing outside AI programs from interacting with users on the platform. Since January 15, 2026, Meta's own AI assistant has been the only one allowed on WhatsApp. The Commission is planning to impose interim measures while investigating these practices. This situation raises concerns about competition and innovation in the AI space, as limiting access could stifle the development of alternative AI solutions that could benefit users.

A researcher has found that some private Instagram accounts were inadvertently allowing access to their photo links by users who weren't logged in. This issue raised concerns about user privacy, as it meant that photos intended for private viewing could be seen by anyone with the link. Although Meta, Instagram's parent company, addressed the problem, they classified the report as not applicable and did not respond to requests for further information. This incident highlights ongoing challenges in protecting user data on social media platforms, emphasizing the need for companies to prioritize security and privacy measures to safeguard their users' content.

Meta has introduced a new security feature for WhatsApp aimed at protecting high-risk users, such as journalists and public figures, from sophisticated cyber threats like spyware. This 'lockdown mode' provides enhanced security measures, making it harder for attackers to gain unauthorized access to sensitive information. The feature is particularly important as these individuals often face targeted attacks due to their work and public visibility. With the rise of cyber espionage and invasive spyware, this initiative from Meta is a proactive step to safeguard vulnerable users. The rollout of this feature reflects a growing recognition of the need for stronger protections in the digital communication space.