Articles tagged "Meta"

Found 8 articles

The European Commission is taking action against Meta, alleging that the company violated EU competition laws by restricting access to WhatsApp for third-party AI assistants. In a change announced on October 15, 2025, Meta updated its WhatsApp Business Solution Terms, effectively preventing outside AI programs from interacting with users on the platform. Since January 15, 2026, Meta's own AI assistant has been the only one allowed on WhatsApp. The Commission is planning to impose interim measures while investigating these practices. This situation raises concerns about competition and innovation in the AI space, as limiting access could stifle the development of alternative AI solutions that could benefit users.

Impact: WhatsApp, Meta AI, third-party AI assistants
Remediation: N/A

A researcher has found that some private Instagram accounts were inadvertently allowing access to their photo links by users who weren't logged in. This issue raised concerns about user privacy, as it meant that photos intended for private viewing could be seen by anyone with the link. Although Meta, Instagram's parent company, addressed the problem, they classified the report as not applicable and did not respond to requests for further information. This incident highlights ongoing challenges in protecting user data on social media platforms, emphasizing the need for companies to prioritize security and privacy measures to safeguard their users' content.

Impact: Instagram private accounts
Remediation: Issue fixed by Meta, details not specified

Meta has introduced a new security feature for WhatsApp aimed at protecting high-risk users, such as journalists and public figures, from sophisticated cyber threats like spyware. This 'lockdown mode' provides enhanced security measures, making it harder for attackers to gain unauthorized access to sensitive information. The feature is particularly important as these individuals often face targeted attacks due to their work and public visibility. With the rise of cyber espionage and invasive spyware, this initiative from Meta is a proactive step to safeguard vulnerable users. The rollout of this feature reflects a growing recognition of the need for stronger protections in the digital communication space.

Impact: WhatsApp, Meta
Remediation: N/A

A recent data leak has exposed millions of account credentials from various platforms, including Gmail, Facebook, and numerous financial services. This dataset contains sensitive information, potentially affecting countless users who have accounts on these platforms. The breach raises serious concerns about identity theft and fraud, as attackers may exploit this data for malicious activities. Users are urged to change their passwords immediately and enable two-factor authentication where available. This incident highlights the ongoing challenges of online security, reminding everyone of the importance of safeguarding personal information.

Impact: Gmail, Facebook, various financial accounts
Remediation: Users should change passwords and enable two-factor authentication.

Hackers have started using a new technique called the browser-in-the-browser (BitB) method to steal Facebook login credentials. This method creates a fake Facebook login window that appears to be part of the user's browser, tricking them into entering their username and password. Over the past six months, this tactic has gained traction among cybercriminals, making it easier for them to capture sensitive information. Users are at risk, especially if they are not aware of this deception. It's crucial for Facebook users to be vigilant and ensure they are logging in through the official website or app to avoid falling victim to these scams.

Impact: Facebook accounts
Remediation: Users should verify the URL and ensure they are on the official Facebook site before entering credentials; consider enabling two-factor authentication for added security.

Meta has addressed a vulnerability in Instagram that allowed unauthorized parties to send password reset emails. This flaw raised concerns about potential account takeovers, as attackers could exploit it to gain access to user accounts. Despite claims of leaked data, Meta has denied any data breach, stating they have only fixed the reset issue. Users should be aware of this vulnerability, especially if they received unexpected password reset emails, as it indicates the possibility of malicious activity. It's important for users to enable additional security measures, such as two-factor authentication, to further protect their accounts.

Impact: Instagram accounts
Remediation: The vulnerability has been fixed by Meta, but specific patch numbers or updates were not provided.

Opto 22 groov View

The article discusses a vulnerability in Opto 22's groov View that allows for the exposure of sensitive information through metadata, potentially leading to credential and key exposure as well as privilege escalation. This vulnerability, assigned CVE-2025-13084, has a CVSS v4 score of 6.1 and affects multiple versions of groov View, necessitating immediate remediation to mitigate risks.

Impact: Affected products include: groov View Server for Windows (Versions R1.0a to R4.5d), GRV-EPIC-PR1 Firmware (Versions prior to 4.0.3), GRV-EPIC-PR2 Firmware (Versions prior to 4.0.3). Vendor: Opto 22.
Remediation: Opto 22 recommends upgrading to groov View Server for Windows Version R4.5e and GRV-EPIC Firmware Version 4.0.3. Additionally, CISA advises minimizing network exposure for control system devices, using firewalls, securing remote access with VPNs, and performing impact analysis and risk assessment before deploying defensive measures.

The Opto 22 GRV-EPIC and groov RIO products are vulnerable to an OS Command Injection flaw that could allow remote attackers to execute arbitrary shell commands with root privileges. This vulnerability, identified as CVE-2025-13087, has a CVSS v4 score of 7.5, indicating a significant risk to affected systems.

Impact: Affected products include GRV-EPIC-PR1 and GRV-EPIC-PR2 (Firmware versions prior to 4.0.3), groov RIO GRV-R7-MM1001-10, GRV-R7-MM2001-10, and GRV-R7-I1VAPM-3 (all with Firmware versions prior to 4.0.3). Vendor: Opto 22.
Remediation: Opto 22 has published a patch to address this vulnerability. Users are recommended to upgrade to GRV-EPIC and groov RIO Firmware Version 4.0.3. Additional defensive measures include minimizing network exposure for control system devices, using firewalls, and employing secure remote access methods like VPNs.