Articles tagged "Meta"

Found 15 articles

APT37, a North Korean state-sponsored hacking group, has launched a new social engineering campaign aimed at Facebook users. This operation utilizes the RokRAT trojan, which allows attackers to gain access to victims' devices and sensitive information. The campaign is multi-faceted, indicating a sophisticated approach to trick users into downloading the malware. This is particularly concerning as it targets a widely-used platform, potentially affecting millions of users. As cyber threats continue to evolve, individuals and organizations must remain vigilant about the security of their online activities and the links they interact with.

Impact: Facebook users, RokRAT trojan
Remediation: Users should be cautious of unsolicited messages and links, enable two-factor authentication on their accounts, and regularly update their security software.

U.S. Senator Chuck Grassley is investigating eight major tech companies for potentially failing to properly report instances of child sexual abuse material (CSAM). The companies under scrutiny include Meta, Amazon AI Services, TikTok, Snapchat, Discord, X.AI, Grindr, and Roblox. This inquiry follows concerns about how these platforms handle and report CSAM, which is a significant issue given the potential harm to children and the legal obligations these companies have. Grassley's investigation aims to ensure that these tech giants are held accountable for their reporting practices and that they take necessary steps to protect vulnerable users. The outcome of this probe could lead to stricter regulations and oversight of how online platforms manage and report such sensitive content.

Impact: Meta, Amazon AI Services, TikTok, Snapchat, Discord, X.AI, Grindr, Roblox
Remediation: Companies should improve their reporting mechanisms for CSAM and ensure compliance with legal requirements.

WhatsApp has informed around 200 users that they were deceived into installing a counterfeit version of its iOS app, which contained spyware. Most of the affected individuals are based in Italy. The attackers reportedly employed social engineering tactics to trick users into downloading the malicious app. This incident raises concerns about the security of mobile applications and highlights the need for users to be vigilant about the sources from which they download software. With spyware potentially compromising personal information, it is crucial for users to ensure they are using legitimate applications from trusted sources.

Impact: WhatsApp iOS app
Remediation: Users should verify app downloads through official app stores and be cautious of unsolicited links or downloads.

A security researcher has discovered a vulnerability in WhatsApp that allows users to bypass the app's 'View Once' feature, which is designed to make images and videos disappear after being viewed. This issue arises from the use of a modified client application, and Meta, the parent company of WhatsApp, has stated it will not release a patch for this vulnerability. The decision not to address the flaw raises concerns about user privacy, as it undermines the security feature intended to protect sensitive media. Users who rely on this feature for confidential communications may be at risk of having their private content saved and shared without consent. The vulnerability's existence highlights the potential for modified applications to exploit weaknesses in popular messaging platforms.

Impact: WhatsApp (all versions using modified client applications)
Remediation: N/A

The ongoing conflict in Iran is expected to extend, leading to an increase in cyber threats and potential disruptions in energy supply across the region. Companies operating in the Middle East may face heightened risks as tensions escalate. Cybersecurity experts are warning that this situation could result in more frequent and severe cyberattacks aimed at critical infrastructure and private enterprises. The implications of such attacks could be wide-ranging, impacting not just local businesses but also global markets and energy prices. Stakeholders in the region are advised to bolster their cybersecurity measures to mitigate potential risks.

Impact: Critical infrastructure, energy sector, Middle Eastern companies
Remediation: Companies should enhance their cybersecurity protocols and incident response strategies.

Meta has taken significant action against scam operations by disabling over 150,000 accounts linked to scam centers in Asia. This initiative is part of a broader effort to combat online fraud, which has increasingly targeted users on social media platforms. By disrupting these centers, Meta aims to protect its users from scams that can lead to financial loss and identity theft. The company also launched new protection tools to enhance user safety and prevent future scams. This response reflects the growing challenge of online scams and the need for tech companies to actively safeguard their platforms.

Impact: Meta accounts, social media platforms
Remediation: New protection tools launched by Meta to enhance user safety

The article raises concerns about privacy related to Ray-Ban smart glasses equipped with Meta's technology. Security experts warn that these glasses have the potential to record video and capture images without the knowledge of those nearby. This capability could lead to unauthorized surveillance, making people feel uncomfortable or unsafe in public spaces. As wearable technology becomes more integrated into daily life, users and bystanders alike need to be aware of the risks associated with devices that can secretly record their surroundings. The discussion emphasizes the importance of understanding how these devices operate and the implications for personal privacy.

Impact: Ray-Ban smart glasses with Meta technology
Remediation: Users should be aware of their surroundings and the capabilities of smart glasses; potential updates or settings adjustments could be needed to manage privacy settings, though specifics are not provided.

The European Commission is taking action against Meta, alleging that the company violated EU competition laws by restricting access to WhatsApp for third-party AI assistants. In a change announced on October 15, 2025, Meta updated its WhatsApp Business Solution Terms, effectively preventing outside AI programs from interacting with users on the platform. Since January 15, 2026, Meta's own AI assistant has been the only one allowed on WhatsApp. The Commission is planning to impose interim measures while investigating these practices. This situation raises concerns about competition and innovation in the AI space, as limiting access could stifle the development of alternative AI solutions that could benefit users.

Impact: WhatsApp, Meta AI, third-party AI assistants
Remediation: N/A

A researcher has found that photo links from some private Instagram accounts were inadvertently accessible to users who weren't logged in. This issue raised concerns about user privacy, as it meant that photos intended for private viewing could be seen by anyone with the link. Although Meta, Instagram's parent company, addressed the problem, it classified the report as not applicable and did not respond to requests for further information. This incident highlights ongoing challenges in protecting user data on social media platforms, emphasizing the need for companies to prioritize security and privacy measures to safeguard their users' content.

Impact: Instagram private accounts
Remediation: Issue fixed by Meta, details not specified

Meta has introduced a new security feature for WhatsApp aimed at protecting high-risk users, such as journalists and public figures, from sophisticated cyber threats like spyware. This 'lockdown mode' provides enhanced security measures, making it harder for attackers to gain unauthorized access to sensitive information. The feature is particularly important as these individuals often face targeted attacks due to their work and public visibility. With the rise of cyber espionage and invasive spyware, this initiative from Meta is a proactive step to safeguard vulnerable users. The rollout of this feature reflects a growing recognition of the need for stronger protections in the digital communication space.

Impact: WhatsApp, Meta
Remediation: N/A

A recent data leak has exposed millions of account credentials from various platforms, including Gmail, Facebook, and numerous financial services. This dataset contains sensitive information, potentially affecting countless users who have accounts on these platforms. The breach raises serious concerns about identity theft and fraud, as attackers may exploit this data for malicious activities. Users are urged to change their passwords immediately and enable two-factor authentication where available. This incident highlights the ongoing challenges of online security, reminding everyone of the importance of safeguarding personal information.

Impact: Gmail, Facebook, various financial accounts
Remediation: Users should change passwords and enable two-factor authentication.

Hackers have started using a new technique called the browser-in-the-browser (BitB) method to steal Facebook login credentials. This method creates a fake Facebook login window that appears to be part of the user's browser, tricking them into entering their username and password. Over the past six months, this tactic has gained traction among cybercriminals, making it easier for them to capture sensitive information. Users are at risk, especially if they are not aware of this deception. It's crucial for Facebook users to be vigilant and ensure they are logging in through the official website or app to avoid falling victim to these scams.

Impact: Facebook accounts
Remediation: Users should verify the URL and ensure they are on the official Facebook site before entering credentials; consider enabling two-factor authentication for added security.

Meta has addressed a vulnerability in Instagram that allowed unauthorized parties to send password reset emails. This flaw raised concerns about potential account takeovers, as attackers could exploit it to gain access to user accounts. Despite claims of leaked data, Meta has denied any data breach, stating they have only fixed the reset issue. Users should be aware of this vulnerability, especially if they received unexpected password reset emails, as it indicates the possibility of malicious activity. It's important for users to enable additional security measures, such as two-factor authentication, to further protect their accounts.

Impact: Instagram accounts
Remediation: The vulnerability has been fixed by Meta, but specific patch numbers or updates were not provided.

Opto 22 groov View

All CISA Advisories

The article discusses a vulnerability in Opto 22's groov View that allows for the exposure of sensitive information through metadata, potentially leading to credential and key exposure as well as privilege escalation. This vulnerability, assigned CVE-2025-13084, has a CVSS v4 score of 6.1 and affects multiple versions of groov View, necessitating immediate remediation to mitigate risks.

Impact: Affected products include: groov View Server for Windows (Versions R1.0a to R4.5d), GRV-EPIC-PR1 Firmware (Versions prior to 4.0.3), GRV-EPIC-PR2 Firmware (Versions prior to 4.0.3). Vendor: Opto 22.
Remediation: Opto 22 recommends upgrading to groov View Server for Windows Version R4.5e and GRV-EPIC Firmware Version 4.0.3. Additionally, CISA advises minimizing network exposure for control system devices, using firewalls, securing remote access with VPNs, and performing impact analysis and risk assessment before deploying defensive measures.

The Opto 22 GRV-EPIC and groov RIO products are vulnerable to an OS Command Injection flaw that could allow remote attackers to execute arbitrary shell commands with root privileges. This vulnerability, identified as CVE-2025-13087, has a CVSS v4 score of 7.5, indicating a significant risk to affected systems.

Impact: Affected products include GRV-EPIC-PR1 and GRV-EPIC-PR2 (Firmware versions prior to 4.0.3), groov RIO GRV-R7-MM1001-10, GRV-R7-MM2001-10, and GRV-R7-I1VAPM-3 (all with Firmware versions prior to 4.0.3). Vendor: Opto 22.
Remediation: Opto 22 has published a patch to address this vulnerability. Users are recommended to upgrade to GRV-EPIC and groov RIO Firmware Version 4.0.3. Additional defensive measures include minimizing network exposure for control system devices, using firewalls, and employing secure remote access methods like VPNs.