Eight years after a researcher alerted WhatsApp to vulnerabilities allowing mass extraction of user phone numbers, a new investigation from the University of Vienna has confirmed that this issue persists. The researchers employed a technique exploiting WhatsApp’s discovery function, which allows individuals to check if a phone number is registered…
Massive Data Exposure on WhatsApp Highlights Privacy Vulnerabilities In a significant development for data privacy, researchers from Austria have demonstrated that a systematic check of WhatsApp’s contact discovery feature has led to the exposure of an estimated 3.5 billion phone numbers associated with users of the messaging platform. This capability…
A hacking group, active in the Middle East since at least 2017, has been detected impersonating popular messaging applications like Telegram and Threema. This tactic is part of their strategy to deploy a new variant of malware targeting Android devices, a threat that had not been previously documented. According to…
On Wednesday, Facebook disclosed its efforts to dismantle cyber operations linked to two state-sponsored hacking groups based in Palestine that have exploited its platform for malware distribution. These activities primarily originated from the Preventive Security Service (PSS), a security entity of the Palestinian Authority, and a group identified as Arid…
French data protection authority, CNIL, has determined that Google Analytics breaches the European Union’s General Data Protection Regulation (GDPR). This ruling follows a similar finding in Austria just weeks prior. The CNIL’s investigation into the transatlantic transfer of Google Analytics data revealed that this practice lacks appropriate regulatory oversight, particularly…
On Tuesday, the Irish Data Protection Commission (DPC) imposed a fine of €17 million (approximately $18.6 million) on Meta Platforms, the parent company of Facebook and WhatsApp, due to a series of security failures that breached the European Union’s General Data Protection Regulation (GDPR). The DPC determined that Meta Platforms…
This week’s cybersecurity highlights draw attention to rising threats stemming from misconfigurations, software vulnerabilities, and sophisticated malware. The incidents outlined below require the immediate focus of IT teams and business executives. ISC has addressed CVE-2025-5470 in BIND 9, a denial-of-service vulnerability impacting versions 9.16.0 to 9.18.26. The vulnerability enables server…
The best of Voices delivered to your inbox every week—covering everything from controversial columns to expert analysis Subscribe to our free weekly Voices newsletter for insightful opinion and columns Enroll in our complimentary weekly Voices newsletter In a troubling incident from August 2023, a significant data breach occurred within the…
The Data Protection Commission (DPC) of Ireland has imposed a substantial fine of €265 million (approximately $277 million) on Meta Platforms, the parent company of Facebook. This penalty stems from a significant breach involving the personal data of over 500 million users, exacerbating the scrutiny on U.S. tech companies regarding…
