Weekly Recap: WhatsApp 0-Day, Docker Bug, Salesforce Breach, Fake CAPTCHAs, Spyware App & More
Briefly

"WhatsApp Patches Actively Exploited Flaw - WhatsApp addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks. The vulnerability, CVE-2025-55177 relates to a case of insufficient authorization of linked device synchronization messages. The Meta-owned company said the issue "could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target's device.""
"U.S. Treasury Continues to Hit IT Worker Scheme with Sanctions - The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned a fraudulent IT worker network linked to the Democratic People's Republic of Korea (DPRK). This included Vitaliy Sergeyevich Andreyev, a Russian national who facilitated payments to Chinyong Information Technology Cooperation Company (Chinyong), also known as Jinyong IT Cooperation Company, which was sanctioned by OFAC and South Korea's Ministry of Foreign Affairs (MO"
Cyber risk increasingly arises from chains of small weaknesses that combine to produce large breaches. Attackers mix stolen credentials, unpatched software, and social engineering to move from minor access to full compromise. A linked-device authorization flaw in WhatsApp (CVE-2025-55177) could have allowed processing of content from an arbitrary URL and may have been chained with an Apple zero-day (CVE-2025-43300) in targeted spyware attacks, prompting in-app notifications to under 200 users. The U.S. Treasury's OFAC sanctioned a fraudulent IT worker network tied to the DPRK that facilitated payments to the sanctioned Chinyong/Jinyong IT Cooperation Company. Defenders should prioritize patching, access controls, monitoring, and threat hunting for such chained attack paths.
Read at The Hacker News