US Jury Orders NSO Group to Pay $168 Million to WhatsApp

Meta hailed the verdict as a milestone for digital privacy and security, stating, “Today’s verdict in the WhatsApp case marks a significant advancement for privacy and security, representing the first triumph against the creation and utilization of unlawful spyware that endangers the safety and privacy of individuals”. The verdict, delivered on Tuesday, concludes a six-year legal battle between Meta Platforms, the parent company of WhatsApp, and NSO Group, whose Pegasus spyware was used to hack the messaging app’s users around the world. A federal jury in California has ordered Israeli spyware maker NSO Group to pay WhatsApp approximately $168 million in damages, marking a watershed moment in the fight against commercial cyberespionage. Meta-owned WhatsApp filed the lawsuit in 2019 after discovering that Pegasus, NSO’s powerful surveillance tool, had been used to infiltrate the devices of about 1,400 users, including journalists, human rights activists, and government officials, across 20 countries. NSO Group, for its part, defended its technology as a tool for fighting crime and terrorism, and indicated plans to appeal the verdict, arguing that the jury was not allowed to consider evidence about the alleged positive uses of Pegasus by government agencies. Legal experts and human rights advocates say the ruling sets a precedent for holding spyware vendors accountable for abuses, dealing a major blow to one of the world’s most prolific surveillance firms. As the spyware industry continues to grow, the outcome of this case is expected to influence ongoing debates about surveillance, privacy, and the responsibilities of technology providers worldwide. Will Cathcart, head of WhatsApp, called the ruling a “critical deterrent to the spyware industry against their unlawful activities directed at American companies and our global users”. Testimony revealed that NSO charged government clients millions of dollars to hack devices via Pegasus, and that the company continued to update its tools even after WhatsApp patched vulnerabilities and initiated the lawsuit. The spyware exploited a zero-click vulnerability, enabling attackers to compromise phones without any user interaction, granting access to messages, emails, calls, and even the ability to remotely activate cameras and microphones. The jury awarded $444,719 in compensatory damages to cover WhatsApp’s costs to patch the exploited vulnerabilities and an additional $167.3 million in punitive damages to deter similar conduct in the future.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 07 May 2025 02:15:01 +0000


Cyber News related to US Jury Orders NSO Group to Pay $168 Million to WhatsApp

CVE-2022-49532 - In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes drm_cvt_mode may return NULL and we should check it. This bug is found by syzkaller: FAULT_INJECTION stacktrace: ...
3 months ago Tenable.com
Jury orders NSO Group to pay $168 million to WhatsApp for facilitating Pegasus hacks of its users | The Record from Recorded Future News - NSO’s case was severely hampered by its inability to offer the court any details of its clients' aims in the attacks, prompting Northern California federal judge Phyllis Hamilton to bar the spyware firm from presenting any evidence related to ...
3 weeks ago Therecord.media
US Jury Orders NSO Group to Pay $168 Million to WhatsApp - Meta hailed the verdict as a milestone for digital privacy and security, stating, “Today’s verdict in the WhatsApp case marks a significant advancement for privacy and security, representing the first triumph against the creation and utilization ...
3 weeks ago Cybersecuritynews.com
NSO Group fined $167M for spyware attacks on 1,400 WhatsApp users - Meta filed the lawsuit against NSO Group on October 29, 2019, in the U.S. District Court for the Northern District of California, alleging that NSO had exploited a vulnerability in WhatsApp's calling feature to deliver its Pegasus spyware to ...
3 weeks ago Bleepingcomputer.com CVE-2019-3568
CVE-2024-46857 - In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix bridge mode operations when there are no VFs Currently, trying to set the bridge mode attribute when numvfs=0 leads to a crash: bridge link set dev eth2 hwmode vepa [ ...
8 months ago Tenable.com
WhatsApp flaw can let attackers run malicious code on Windows PCs - On January 31, after mitigating the security issue server-side, WhatsApp alerted roughly 90 Android users from over two dozen countries, including Italian journalists and activists who were targeted in Paragon spyware attacks using the zero-click ...
1 month ago Bleepingcomputer.com CVE-2025-30401
WhatsApp Hit with €55 Million Fine for Privacy Violations - WhatsApp is facing an €55 million privacy-related fine from the European Union’s data protection authority for allegedly violating the region's data protection laws. ...
2 years ago Thehackernews.com
WhatsApp's new Advanced Chat Privacy protects sensitive messages - "Today we're introducing our latest layer for privacy called 'Advanced Chat Privacy.' This new setting available in both chats and groups helps prevent others from taking content outside of WhatsApp for when you may want extra privacy," WhatsApp ...
1 month ago Bleepingcomputer.com
WhatsApp's Meta AI is now rolling out in Europe, and it can't be turned off - The chatbot built into WhatsApp is not as powerful as Meta AI's web app, but it can answer your questions, reply with a large chunk of text, share links from Bing, and even create images. On March 19, WhatsApp owner Meta announced that a variety ...
2 months ago Bleepingcomputer.com
US judge rejects NSO's attempt to dismiss Apple lawsuit The Register - A US court has rejected spyware vendor NSO Group's motion to dismiss a lawsuit filed by Apple that alleges the developer violated computer fraud and other laws by infecting customers' iDevices with its surveillance software. Apple sued NSO, developer ...
1 year ago Theregister.com
Pegasus Spyware Targets Jordanian Civil Society in Wide-Ranging Attacks - Journalists, lawyers, and human-rights activists in the Middle Eastern nation of Jordan face increased surveillance from the controversial Pegasus spyware app, with nearly three dozen civilians targeted over the past four years. According to an ...
1 year ago Darkreading.com
WhatsApp Fined €5.5 Million for Enforcing Data Processing Update - Heimdal Security recently reported that WhatsApp, the world’s most popular messaging service, has been fined €5.5 million by the Italian Data Protection Authority (GPDR) for violating user privacy. According to the report, the WhatsApp ...
2 years ago Heimdalsecurity.com
WhatsApp's new Secret Code feature hides your locked chats - WhatsApp has introduced a new Secret Code feature that allows users to hide their locked chats by setting a custom password. After it reaches your device, you can set a code specifically for securing locked chats independent from the device unlock ...
1 year ago Bleepingcomputer.com
Victory! Grand Jury Finds Sacramento Cops Illegally Shared Driver Data - For the past year, EFF has been sounding the alarm about police in California illegally sharing drivers' location data with anti-abortion states, putting abortion seekers and providers at risk of prosecution. We thus applaud the Sacramento County ...
11 months ago Eff.org
Paragon Spyware Exploited WhatsApp Zero-day Vulnerability to Attack High-value Targets - Researchers have uncovered extensive evidence linking Israeli firm Paragon Solutions to a sophisticated spyware operation that exploited a zero-day vulnerability in WhatsApp to target journalists and civil society members. The investigation confirmed ...
2 months ago Cybersecuritynews.com
WhatsApp Vulnerability Let Attackers Execute Malicious Code Via Attachments - “A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp,” stated the official advisory from Facebook, ...
1 month ago Cybersecuritynews.com CVE-2025-30401
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
7 months ago Securelist.com
Italian Data Protection Authority Fines WhatsApp €5.5 Million - The Italian Data Protection Authority (DPA) has fined WhatsApp €5.5 million as a result of violations of the European Union’s General Data Protection Regulation (GDPR). ...
2 years ago Securityaffairs.com
WhatsApp Secret Code Feature Lets Users Set Unique Passwords - WhatsApp has announced the rollout of a new feature to safeguard sensitive conversations. The Secret Code feature provides additional protection to ensure users' private conversations remain secure and protected from unauthorized access. WhatsApp has ...
1 year ago Cybersecuritynews.com
WhatsApp Chats Will Soon Work With Other Encrypted Messaging Apps - Despite WhatsApp working on its interoperability plan for more than a year, it will still take some time for third-party chats to hit people's apps. Messaging companies that want to interoperate with WhatsApp or Messenger will need to sign an ...
1 year ago Wired.com
WhatsApp Beta Testing Expanded Authentication Methods for App Lock Feature - In a world where privacy and security are increasingly important, WhatsApp continues to prioritize the protection of user data through encrypted messaging. Recently, the app has been testing a new label to highlight chat encryption, further ...
1 year ago Cysecurity.news
Cybersecurity Industry Gains $1.7 Billion to Develop Cutting-Edge Protection Technologies - As digital threats grow in sophistication, the cybersecurity sector has ignited a funding frenzy, with startups raising $1.7 billion in April 2025 alone ahead of the RSA Conference in San Francisco. As banks and fintechs face a 40% spike in ...
2 weeks ago Cybersecuritynews.com
CVE-2019-3568 - A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android ...
2 months ago
WhatsApp, Slack, Teams, and other messaging platforms face constant security risks - 42% of businesses report employees with BYOD devices in business settings that use tools like WhatsApp have led to new security incidents, according to SafeGuard Cyber. Messaging platforms like WhatsApp, Telegram, Slack, and Teams face constant ...
1 year ago Helpnetsecurity.com
T-Mobile pays $31.5 million FCC settlement over 4 data breaches - "With companies like T-Mobile and other telecom service providers operating in a space where national security and consumer protection interests overlap, we are focused on ensuring critical technical changes are made to telecommunications networks to ...
8 months ago Bleepingcomputer.com