WhatsApp flaw can let attackers run malicious code on Windows PCs

Meta warned Windows users to update the WhatsApp messaging app to the latest version to patch a vulnerability that can let attackers execute malicious code on their devices. Described as a spoofing issue and tracked as CVE-2025-30401, this security flaw can be exploited by attackers by sending maliciously crafted files with altered file types to potential targets. "A spoofing issue in WhatsApp for Windows prior to version 2.2450.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment's filename extension," WhatsApp explained in a Tuesday advisory.

In July 2024, WhatsApp addressed a slightly similar issue that allowed Python and PHP attachments to be executed without warning when recipients opened them on Windows devices with Python installed.

More recently, following reports from security researchers at the University of Toronto's Citizen Lab, WhatsApp also patched a zero-click, zero-day security vulnerability that was exploited to install Paragon's Graphite spyware. On January 31, after mitigating the security issue server-side, WhatsApp alerted roughly 90 Android users from over two dozen countries, including Italian journalists and activists who were targeted in Paragon spyware attacks using the zero-click exploit.

Last December, a U.S. federal judge also ruled that Israeli spyware maker NSO Group used WhatsApp zero-days to deploy Pegasus spyware on at least 1,400 devices, thus violating U.S. hacking laws. Court documents revealed that NSO allegedly deployed Pegasus spyware in zero-click attacks that exploited WhatsApp vulnerabilities using multiple zero-day exploits. The documents also said that the spyware maker's developers reverse-engineered WhatsApp's code to create tools that sent malicious messages that installed spyware, violating federal and state laws.
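A recipient-side check for the mismatch the advisory describes, comparing an attachment's declared MIME type with the extension the operating system would act on. This is an added example, not WhatsApp's code or its fix; the lookup tables, verdict names and function names are constructed for illustration.

```python
import os

# Constructed, non-exhaustive tables; a real deployment would maintain its own.
PASSIVE_EXT_TO_MIME = {
    ".jpg": "image/jpeg", ".jpeg": "image/jpeg", ".png": "image/png",
    ".pdf": "application/pdf", ".txt": "text/plain", ".mp4": "video/mp4",
}
# Extensions Windows hands to a loader or interpreter rather than a viewer.
ACTIVE_EXTS = {".exe", ".scr", ".bat", ".cmd", ".msi",
               ".ps1", ".vbs", ".js", ".py", ".php"}
GENERIC_MIME = "application/octet-stream"


def effective_extension(filename: str) -> str:
    """Extension the OS would act on: last path component, lowercased,
    with the trailing dots and spaces that Windows ignores removed."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    return os.path.splitext(name)[1].lower()


def check_attachment(declared_mime: str, filename: str) -> str:
    """Classify one attachment as 'ok', 'mismatch', 'warn' or 'block'."""
    ext = effective_extension(filename)
    mime = declared_mime.split(";", 1)[0].strip().lower()  # drop parameters
    if ext in ACTIVE_EXTS:
        # Active content labelled as anything other than opaque binary would
        # be displayed as one thing and opened as another: refuse to open it.
        return "warn" if mime == GENERIC_MIME else "block"
    expected = PASSIVE_EXT_TO_MIME.get(ext)
    if expected is None or expected != mime:
        # Unknown extension, or a label that disagrees with the extension.
        return "mismatch"
    return "ok"


if __name__ == "__main__":
    # Constructed sample attachments: (declared MIME type, filename).
    samples = [
        ("image/jpeg", "IMG_0001.JPG"),
        ("image/jpeg", "holiday.jpg.exe"),
        ("image/png; charset=binary", "report.py. "),
        ("application/pdf", "notes.txt"),
        ("application/octet-stream", "setup.exe"),
    ]
    for mime, name in samples:
        print(f"{check_attachment(mime, name):9} {mime!r} {name!r}")
```

The decision is keyed on the extension because that is what selects the handler; the MIME type only decides whether the label shown to the user can be trusted.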

This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 08 Apr 2025 16:25:17 +0000


Cyber News related to WhatsApp flaw can let attackers run malicious code on Windows PCs

WhatsApp's new Advanced Chat Privacy protects sensitive messages - "Today we're introducing our latest layer for privacy called 'Advanced Chat Privacy.' This new setting available in both chats and groups helps prevent others from taking content outside of WhatsApp for when you may want extra privacy," WhatsApp ...
1 month ago Bleepingcomputer.com
NSO Group fined $167M for spyware attacks on 1,400 WhatsApp users - Meta filed the lawsuit against NSO Group on October 29, 2019, in the U.S. District Court for the Northern District of California, alleging that NSO had exploited a vulnerability in WhatsApp's calling feature to deliver its Pegasus spyware to ...
3 weeks ago Bleepingcomputer.com CVE-2019-3568
WhatsApp's Meta AI is now rolling out in Europe, and it can't be turned off - The chatbot built into WhatsApp is not as powerful as Meta AI's web app, but it can answer your questions, reply with a large chunk of text, share links from Bing, and even create images. On March 19, WhatsApp owner Meta announced that a variety ...
2 months ago Bleepingcomputer.com
WhatsApp Hit with €55 Million Fine for Privacy Violations - WhatsApp is facing a €55 million privacy-related fine from the European Union’s data protection authority for allegedly violating the region's data protection laws. ...
2 years ago Thehackernews.com
Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
1 year ago Techrepublic.com
WhatsApp Vulnerability Let Attackers Execute Malicious Code Via Attachments - “A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp,” stated the official advisory from Facebook, ...
1 month ago Cybersecuritynews.com CVE-2025-30401
WhatsApp's new Secret Code feature hides your locked chats - WhatsApp has introduced a new Secret Code feature that allows users to hide their locked chats by setting a custom password. After it reaches your device, you can set a code specifically for securing locked chats independent from the device unlock ...
1 year ago Bleepingcomputer.com
WhatsApp Secret Code Feature Lets Users Set Unique Passwords - WhatsApp has announced the rollout of a new feature to safeguard sensitive conversations. The Secret Code feature provides additional protection to ensure users' private conversations remain secure and protected from unauthorized access. WhatsApp has ...
1 year ago Cybersecuritynews.com
WhatsApp Beta Testing Expanded Authentication Methods for App Lock Feature - In a world where privacy and security are increasingly important, WhatsApp continues to prioritize the protection of user data through encrypted messaging. Recently, the app has been testing a new label to highlight chat encryption, further ...
1 year ago Cysecurity.news
US Jury Orders NSO Group to Pay $168 Million to WhatsApp - Meta hailed the verdict as a milestone for digital privacy and security, stating, “Today’s verdict in the WhatsApp case marks a significant advancement for privacy and security, representing the first triumph against the creation and utilization ...
3 weeks ago Cybersecuritynews.com
WhatsApp Fined €5.5 Million for Enforcing Data Processing Update - Heimdal Security recently reported that WhatsApp, the world’s most popular messaging service, has been fined €5.5 million by the Italian Data Protection Authority (GPDR) for violating user privacy. According to the report, the WhatsApp ...
2 years ago Heimdalsecurity.com
WhatsApp Chats Will Soon Work With Other Encrypted Messaging Apps - Despite WhatsApp working on its interoperability plan for more than a year, it will still take some time for third-party chats to hit people's apps. Messaging companies that want to interoperate with WhatsApp or Messenger will need to sign an ...
1 year ago Wired.com
CVE-2019-3568 - A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android ...
2 months ago
Jury orders NSO Group to pay $168 million to WhatsApp for facilitating Pegasus hacks of its users | The Record from Recorded Future News - NSO’s case was severely hampered by its inability to offer the court any details of its clients' aims in the attacks, prompting Northern California federal judge Phyllis Hamilton to bar the spyware firm from presenting any evidence related to ...
3 weeks ago Therecord.media
WhatsApp, Slack, Teams, and other messaging platforms face constant security risks - 42% of businesses report employees with BYOD devices in business settings that use tools like WhatsApp have led to new security incidents, according to SafeGuard Cyber. Messaging platforms like WhatsApp, Telegram, Slack, and Teams face constant ...
1 year ago Helpnetsecurity.com
Paragon Spyware Exploited WhatsApp Zero-day Vulnerability to Attack High-value Targets - Researchers have uncovered extensive evidence linking Israeli firm Paragon Solutions to a sophisticated spyware operation that exploited a zero-day vulnerability in WhatsApp to target journalists and civil society members. The investigation confirmed ...
2 months ago Cybersecuritynews.com
Report: Organisations Have Endpoint Security Tools But Are Still Falling Short on the Basics - Most IT and security teams would agree that ensuring endpoint security and network access security applications are running in compliance with security policies on managed PCs should be a basic task. A new report from Absolute Security, based on ...
1 year ago Techrepublic.com
Falcon Cloud Security Supports Google Cloud Run to Strengthen Serverless Application Security - We're thrilled to share that the CrowdStrike Falcon® sensor now fully supports Google Cloud Run, bringing advanced security capabilities to your serverless applications. While we announced this at Google Cloud Next in April 2024, this blog goes ...
11 months ago Crowdstrike.com
"PlugX Malware: Study its Impact on USB Windows PCs" - PlugX malware is a destructive type of malicious software designed to take over a Windows computer system. It has become a major problem for Windows users, leading to the loss of important files, data and systems. To understand how malware like PlugX ...
2 years ago Hackread.com
CVE-2016-7830 - Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication ...
7 years ago
Microsoft to roll out AI powered PCs concerningly in coming years - Microsoft is poised to revolutionize the landscape of personal computing with its upcoming line of AI-powered PCs, signaling a significant shift in user experience and productivity. These cutting-edge devices, akin to the already unveiled Copilot, ...
1 year ago Cybersecurity-insiders.com
CVE-2018-6350 - An out-of-bounds read was possible in WhatsApp due to incorrect parsing of RTP extension headers. This issue affects WhatsApp for Android prior to 2.18.276, WhatsApp Business for Android prior to 2.18.99, WhatsApp for iOS prior to 2.18.100.6, ...
5 years ago
CVE-2021-24042 - The calling logic for WhatsApp for Android prior to v2.21.23, WhatsApp Business for Android prior to v2.21.23, WhatsApp for iOS prior to v2.21.230, WhatsApp Business for iOS prior to v2.21.230, WhatsApp for KaiOS prior to v2.2143, WhatsApp Desktop ...
3 years ago
WhatsApp’s New Advanced Chat Privacy Feature to Protect Sensitive Conversations - Available for both one-on-one and group chats, Advanced Chat Privacy empowers users to block others from exporting chat histories, automatically downloading shared media, and using messages for AI features. While Advanced Chat Privacy significantly ...
1 month ago Cybersecuritynews.com