Tag WhatsApp

WhatsApp Image Filter Vulnerability May Have Exposed User Data to Remote Attacks

A recently patched high-severity security flaw in WhatsApp’s image filter feature posed a serious risk of allowing malicious images to extract sensitive information from the app’s memory. Identified as CVE-2020-1910 (CVSS score: 7.8), this vulnerability involved out-of-bounds read/write errors that could be exploited by applying specific filters to a crafted image before sending it to an unsuspecting recipient, enabling attackers to access critical data. According to WhatsApp’s advisory from February 2021, “A missing bounds check in WhatsApp for Android prior to version 2.21.1.13 and WhatsApp Business prior to the same version could have led to this vulnerability.” The issue was reported to the Facebook-owned platform by cybersecurity firm Check Point Research on November 10, 2020.

WhatsApp Photo Filter Vulnerability Could Have Exposed User Data to Remote Threats On September 2, 2021, it was revealed that a significant security flaw in WhatsApp’s image-filtering capability posed a risk of data exposure to unauthorized remote attackers. This vulnerability, designated CVE-2020-1910 and assigned a CVSS score of 7.8, was…

Read More

WhatsApp Image Filter Vulnerability May Have Exposed User Data to Remote Attacks

A recently patched high-severity security flaw in WhatsApp’s image filter feature posed a serious risk of allowing malicious images to extract sensitive information from the app’s memory. Identified as CVE-2020-1910 (CVSS score: 7.8), this vulnerability involved out-of-bounds read/write errors that could be exploited by applying specific filters to a crafted image before sending it to an unsuspecting recipient, enabling attackers to access critical data. According to WhatsApp’s advisory from February 2021, “A missing bounds check in WhatsApp for Android prior to version 2.21.1.13 and WhatsApp Business prior to the same version could have led to this vulnerability.” The issue was reported to the Facebook-owned platform by cybersecurity firm Check Point Research on November 10, 2020.

Apple Alerts French Users of Fourth Spyware Campaign in 2025, Confirms CERT-FR

Sep 12, 2025

Apple has warned users in France about a new spyware campaign affecting their devices, as confirmed by the Computer Emergency Response Team of France (CERT-FR). Alerts were issued on September 3, 2025, marking the fourth occurrence this year where Apple notified citizens that at least one device linked to their iCloud accounts may have been compromised through targeted attacks. CERT-FR did not disclose specifics regarding the reasons behind these alerts. Previous notifications were sent on March 5, April 29, and June 25. Apple has been issuing these warnings since November 2021. According to CERT-FR, “These sophisticated attacks target individuals based on their status or role, including journalists, lawyers, activists, politicians, and senior officials in key sectors.” This news arrives shortly after a security vulnerability in WhatsApp (CVE-2025-55177, CVSS score: 5.4) was linked to similar threats.

Apple Alerts French Users to Fourth Spyware Campaign in 2025, CERT-FR Validates Findings On September 12, 2025, Apple issued a warning to its users in France regarding an ongoing spyware campaign that specifically targets their devices. This advisory comes as confirmed by the Computer Emergency Response Team of France (CERT-FR),…

Read More

Apple Alerts French Users of Fourth Spyware Campaign in 2025, Confirms CERT-FR

Sep 12, 2025

Apple has warned users in France about a new spyware campaign affecting their devices, as confirmed by the Computer Emergency Response Team of France (CERT-FR). Alerts were issued on September 3, 2025, marking the fourth occurrence this year where Apple notified citizens that at least one device linked to their iCloud accounts may have been compromised through targeted attacks. CERT-FR did not disclose specifics regarding the reasons behind these alerts. Previous notifications were sent on March 5, April 29, and June 25. Apple has been issuing these warnings since November 2021. According to CERT-FR, “These sophisticated attacks target individuals based on their status or role, including journalists, lawyers, activists, politicians, and senior officials in key sectors.” This news arrives shortly after a security vulnerability in WhatsApp (CVE-2025-55177, CVSS score: 5.4) was linked to similar threats.

Apple Releases Backported Fix for CVE-2025-43300 Following Targeted Spyware Attack

September 16, 2025
Vulnerability | Spyware

On Monday, Apple announced backported fixes for the recently addressed security vulnerability CVE-2025-43300, which has been actively exploited. This critical flaw, with a CVSS score of 8.8, is an out-of-bounds write issue in the ImageIO component that can lead to memory corruption when processing malicious image files. Apple noted that this vulnerability may have been leveraged in a sophisticated attack against specific individuals. In a related development, WhatsApp reported a vulnerability (CVE-2025-55177, CVSS score: 5.4) within its iOS and macOS messaging apps that was exploited alongside CVE-2025-43300 in targeted spyware attacks against fewer than 200 victims. The original fix for the vulnerability was rolled out by Apple in late August with the releases of iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Ventura 13.7.8, macOS Sonoma 14.7.8, and macOS Sequoia 15.6.1. Additional releases have also been made for other platforms…

Apple Addresses Vulnerability CVE-2025-43300 After Reports of Targeted Spyware Attacks September 16, 2025 Apple has recently implemented backported fixes for a significant security vulnerability, CVE-2025-43300, which has reportedly been exploited in sophisticated, targeted spyware incidents. The flaw, rated 8.8 on the CVSS scale, pertains to an out-of-bounds write issue within…

Read More

Apple Releases Backported Fix for CVE-2025-43300 Following Targeted Spyware Attack

September 16, 2025
Vulnerability | Spyware

On Monday, Apple announced backported fixes for the recently addressed security vulnerability CVE-2025-43300, which has been actively exploited. This critical flaw, with a CVSS score of 8.8, is an out-of-bounds write issue in the ImageIO component that can lead to memory corruption when processing malicious image files. Apple noted that this vulnerability may have been leveraged in a sophisticated attack against specific individuals. In a related development, WhatsApp reported a vulnerability (CVE-2025-55177, CVSS score: 5.4) within its iOS and macOS messaging apps that was exploited alongside CVE-2025-43300 in targeted spyware attacks against fewer than 200 victims. The original fix for the vulnerability was rolled out by Apple in late August with the releases of iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Ventura 13.7.8, macOS Sonoma 14.7.8, and macOS Sequoia 15.6.1. Additional releases have also been made for other platforms…

🔍 Weekly Overview: Fortinet Vulnerability, Chrome Zero-Day, BadIIS Malware, Record DDoS Attack, SaaS Security Incident & More

Cybersecurity Weekly Update: New Vulnerabilities and Persistent Threats This week, the cybersecurity landscape revealed alarming developments as multiple organizations fell victim to sophisticated attacks, highlighting the evolving tactics employed by cybercriminals. Notably, Fortinet disclosed a serious vulnerability affecting its FortiWeb application firewall, categorized as CVE-2025-58034. This flaw, assigned a medium…

Read More🔍 Weekly Overview: Fortinet Vulnerability, Chrome Zero-Day, BadIIS Malware, Record DDoS Attack, SaaS Security Incident & More

PayPal Links Minor Data Breach and Fraud to App Coding Mistake

Data Breach Notification, Data Security, Finance & Banking Fintech Leader Reports Personal Data Breach Affecting Business Users of Loan Application Mathew J. Schwartz (euroinfosec) • February 23, 2026 PayPal recently revealed a data breach that lasted six months and led to the exposure of some business customers’ personal information, resulting…

Read MorePayPal Links Minor Data Breach and Fraud to App Coding Mistake

Hackers Leverage New Flash Zero-Day Vulnerability to Spread FinFisher Spyware

Recent reports have unveiled the resurgence of FinSpy, a notorious surveillance malware, which is now targeting high-profile users via a fresh Adobe Flash zero-day exploit embedded within Microsoft Office documents. This significant threat was uncovered by security experts from Kaspersky Labs, who identified a vulnerability in Adobe Flash that is…

Read MoreHackers Leverage New Flash Zero-Day Vulnerability to Spread FinFisher Spyware

North Korean Hackers Leverage Zero-Day Vulnerability to Attack Cybersecurity Researchers

Recent investigations by Google’s Threat Analysis Group (TAG) have revealed that North Korean hackers are persistently targeting the cybersecurity community through the exploitation of a zero-day vulnerability in an unspecified software application. This campaign has gained momentum over the past several weeks, highlighting sophisticated tactics employed to infiltrate the systems…

Read MoreNorth Korean Hackers Leverage Zero-Day Vulnerability to Attack Cybersecurity Researchers