Meta has published a new security advisory for messaging app WhatsApp, announcing patches for two vulnerabilities.
WhatsApp has fixed two security flaws that could be abused to interfere with how media and attachments are handled on your device. There is no evidence that either bug has been exploited in the wild. These bugs don’t automatically infect devices, but they lower the barrier for social engineering and could be chained with other vulnerabilities for more serious attacks.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- ConnectWise rotating code signing certificates due to security concerns
June 9, 2025
ConnectWise is updating the digital signing certificates used in ScreenConnect, ConnectWise Automate, and ConnectWise RMM due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions. In addition to issuing new certificates, ConnectWise is releasing an update to improve how this configuration data is managed in ScreenConnect. This issue ...
- Fortinet Flaws Exploited by Qilin Ransomware
June 8, 2025
Fortinet was recently found to have certain vulnerabilities that hackers like the Qilin group exploited. Here’s how they manipulated these weaknesses: Misconfigurations in security appliances provided a direct entry point for Qilin.Outdated Software: Failure to update Fortinet software allowed the ransomware to exploit known vulnerabilities. Qilin also employs social engineering tactics to gain unauthorized access: Phishing Attacks: Targeting employees ...
- Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721
June 6, 2025
The abuse of known security flaws to deploy bots on vulnerable systems is a widely recognized problem. Many automated bots constantly search the web for known vulnerabilities in servers and devices connected to the internet, especially those running popular services. These bots often carry Remote Code Execution (RCE) exploits targeting HTTP services, allowing attackers to embed ...
- Cisco Releases Security Advisory Affecting Cisco Identity Service Engine
June 5, 2025
Cisco has released software updates for its Identity Service Engine (ISE). The updates address a critical severity vulnerability in the ISE product. Cisco Identity Services Engine (ISE) is a context-aware policy service to control access and threats across wired, wireless, and VPN networks. CVE-2025-20286 has a CVSSv3 score of 9.9 and is a “use of hard-coded ...
- Roundcube Releases Security Updates for Webmail
June 4, 2025
Roundcube has released versions 1.6.11 and 1.5.10 for its Webmail product. The updated versions address a critical severity vulnerability in the Webmail product. CVE-2025-49113 has a CVSSv3 score of 9.9 and is a “deserialisation of untrusted data” vulnerability. An authenticated remote attacker could exploit this vulnerability to achieve remote code execution. Read more… Source: NHS Digital Sign up for ...
- Android chipmaker Qualcomm fixes three zero-days exploited by hackers
June 3, 2025
Chipmaker giant Qualcomm released patches on Monday fixing a series of vulnerabilities in dozens of chips, including three zero-days that the company said may be in use as part of hacking campaigns. Qualcomm cited Google’s Threat Analysis Group, or TAG, which investigates government-backed cyberattacks, saying the three flaws “may be under limited, targeted exploitation.” According to ...