WhatsApp zero-click vulnerability exploited in targeted attacks
Summary
WhatsApp patched a zero-click vulnerability (CVE-2025-55177) in its iOS and macOS clients. The flaw allowed attackers to trigger content processing from arbitrary URLs on targeted devices. The vulnerability was exploited in combination with an OS-level flaw (CVE-2025-43300) on Apple platforms in sophisticated attacks against specific users. The flaw affects WhatsApp for iOS prior to version 2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78. Users were advised to perform a device factory reset and update their operating systems and software. The vulnerability was patched on July 28, 2025, for WhatsApp for iOS and on August 4, 2025, for WhatsApp Business for iOS and WhatsApp for Mac. The attacks targeted fewer than 200 users, including civil society individuals, and are suspected to be part of an advanced spyware campaign.
Timeline
29.08.2025 19:31 · 2 articles
Zero-click vulnerability in WhatsApp exploited in targeted attacks
The vulnerability (CVE-2025-55177) is a case of insufficient authorization of linked device synchronization messages. The flaw was patched on July 28, 2025, for WhatsApp for iOS and on August 4, 2025, for WhatsApp Business for iOS and WhatsApp for Mac. The flaw was exploited in combination with CVE-2025-43300, an out-of-bounds write vulnerability in the ImageIO framework. The attacks targeted fewer than 200 users, including civil society individuals, and are suspected to be part of an advanced spyware campaign.
Sources:
- WhatsApp patches vulnerability exploited in zero-day attacks (www.bleepingcomputer.com, 29.08.2025 19:31)
- WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices (thehackernews.com, 30.08.2025 07:36)
Information Snippets
- The vulnerability (CVE-2025-55177) affects WhatsApp for iOS prior to version 2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78.
  First reported: 29.08.2025 19:31 · 2 sources, 2 articles
  - WhatsApp patches vulnerability exploited in zero-day attacks (www.bleepingcomputer.com, 29.08.2025 19:31)
  - WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices (thehackernews.com, 30.08.2025 07:36)
- The flaw was exploited in combination with an OS-level vulnerability (CVE-2025-43300) on Apple platforms.
  First reported: 29.08.2025 19:31 · 2 sources, 2 articles
  - WhatsApp patches vulnerability exploited in zero-day attacks (www.bleepingcomputer.com, 29.08.2025 19:31)
  - WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices (thehackernews.com, 30.08.2025 07:36)
- The attacks targeted specific users over the last 90 days.
  First reported: 29.08.2025 19:31 · 2 sources, 2 articles
  - WhatsApp patches vulnerability exploited in zero-day attacks (www.bleepingcomputer.com, 29.08.2025 19:31)
  - WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices (thehackernews.com, 30.08.2025 07:36)
- Users were advised to perform a device factory reset and update their operating systems and software.
  First reported: 29.08.2025 19:31 · 2 sources, 2 articles
  - WhatsApp patches vulnerability exploited in zero-day attacks (www.bleepingcomputer.com, 29.08.2025 19:31)
  - WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices (thehackernews.com, 30.08.2025 07:36)
- The vulnerability (CVE-2025-55177) is a case of insufficient authorization of linked device synchronization messages.
  First reported: 30.08.2025 07:36 · 1 source, 1 article
  - WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices (thehackernews.com, 30.08.2025 07:36)
- The flaw affects WhatsApp for iOS prior to version 2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78.
  First reported: 30.08.2025 07:36 · 1 source, 1 article
  - WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices (thehackernews.com, 30.08.2025 07:36)
- The flaw was patched on July 28, 2025, for WhatsApp for iOS and on August 4, 2025, for WhatsApp Business for iOS and WhatsApp for Mac.
  First reported: 30.08.2025 07:36 · 1 source, 1 article
  - WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices (thehackernews.com, 30.08.2025 07:36)
- The flaw was exploited in combination with CVE-2025-43300, an out-of-bounds write vulnerability in the ImageIO framework.
  First reported: 30.08.2025 07:36 · 1 source, 1 article
  - WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices (thehackernews.com, 30.08.2025 07:36)
- The attacks targeted fewer than 200 users, including civil society individuals.
  First reported: 30.08.2025 07:36 · 1 source, 1 article
  - WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices (thehackernews.com, 30.08.2025 07:36)
- The attacks are suspected to be part of an advanced spyware campaign, though the specific actor remains unknown.
  First reported: 30.08.2025 07:36 · 1 source, 1 article
  - WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices (thehackernews.com, 30.08.2025 07:36)
Similar Happenings
Fourth Spyware Campaign Targeting French Apple Users in 2025
Apple has notified French users of a fourth spyware campaign in 2025. The Computer Emergency Response Team of France (CERT-FR) confirmed the alerts on September 3, 2025. The campaign targets individuals based on their status or function, including journalists, lawyers, activists, politicians, and senior officials. The alerts are part of a series of notifications sent throughout the year, with previous alerts on March 5, April 29, and June 25. These alerts indicate that at least one device linked to the users' iCloud accounts may have been compromised in highly targeted attacks. The campaign follows a previous incident involving a security flaw in WhatsApp (CVE-2025-55177) and an Apple iOS bug (CVE-2025-43300), which were used in zero-click attacks. Apple has been sending these notifications since November 2021. Apple introduced Memory Integrity Enforcement (MIE) in the latest iPhone models to combat memory corruption vulnerabilities.
Akira Ransomware Group Exploits SonicWall SSL VPN Flaws
The Akira ransomware group has been actively exploiting SonicWall SSL VPN flaws and misconfigurations to gain initial access to networks. This campaign has seen increased activity since late July 2025, targeting SonicWall devices to facilitate ransomware operations. The group leverages a combination of security vulnerabilities, including a year-old flaw (CVE-2024-40766) and misconfigured LDAP settings, to bypass access controls and infiltrate networks. Organizations are advised to rotate passwords, remove unused accounts, enable multi-factor authentication, and restrict access to the Virtual Office Portal to mitigate risks. The Australian Cyber Security Centre (ACSC) has acknowledged Akira's targeting of SonicWall SSL VPNs and issued alerts about the increased exploitation of CVE-2024-40766.
Microsoft September 2025 Patch Tuesday fixes 81 vulnerabilities, including two zero-days
Microsoft released updates for 80 vulnerabilities on September 2025 Patch Tuesday. None of these vulnerabilities were zero-days. The updates address eight critical flaws, including five remote code execution vulnerabilities, one information disclosure, and two elevation of privilege vulnerabilities. The vulnerabilities span various categories: 38 elevation of privilege, 2 security feature bypass, 22 remote code execution, 14 information disclosure, 3 denial of service, and 1 spoofing. One zero-day vulnerability was fixed in Windows SMB Server. The updates also include hardening features for SMB Server to mitigate relay attacks, with recommendations for administrators to enable auditing. The patch includes 38 elevation of privilege vulnerabilities, the highest number among all categories. CVE-2025-54918 is an EoP vulnerability in Windows NT LAN Manager (NTLM) marked as critical. CVE-2025-54111 and CVE-2025-54913 are EoP flaws in Windows UI XAML, allowing privilege escalation via phished credentials or malicious Microsoft Store apps. CVE-2025-55232 is an RCE vulnerability in the Microsoft High Performance Compute (HPC) Pack with a CVSS score of 9.8. CVE-2025-54916 is an RCE vulnerability in Windows NTFS that can be triggered by authenticated users. Microsoft's patch update includes recommendations for preparing for the end-of-life of Windows 10 and mandatory multifactor authentication (MFA) for Azure in October 2025.
Critical SessionReaper flaw in Adobe Commerce and Magento Open Source patched
Adobe has patched a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms, dubbed SessionReaper. The flaw could allow unauthenticated attackers to take control of customer accounts via the Commerce REST API. The vulnerability was disclosed to selected customers on September 4, 2025, with a patch released on September 9, 2025. Adobe Commerce on Cloud users were protected by a WAF rule until the patch was available. The flaw is considered one of the most severe in the history of the platform, potentially leading to session forging, privilege escalation, and code execution. No exploitation in the wild has been reported, but a hotfix was leaked, which could accelerate exploitation attempts. The vulnerability impacts various versions of Adobe Commerce, Adobe Commerce B2B, Magento Open Source, and the Custom Attributes Serializable module. Adobe has also patched a critical path traversal vulnerability in ColdFusion (CVE-2025-54261).
Critical SAP NetWeaver vulnerabilities patched, including remote code execution flaw
SAP has fixed 21 vulnerabilities, including three critical flaws in its NetWeaver software. The most severe, CVE-2025-42944, is an insecure deserialization flaw allowing unauthenticated remote code execution. The second critical flaw, CVE-2025-42922, enables arbitrary file uploads by authenticated users. The third, CVE-2025-42958, allows unauthorized access to sensitive data and administrative functions. The vulnerabilities affect various SAP products, including ERP, CRM, SRM, and SCM, which are widely used in large enterprise networks. The flaws could lead to full system compromise and unauthorized data manipulation. SAP products are frequently targeted by threat actors due to their handling of mission-critical data. A high-severity missing input validation bug in SAP S/4HANA (CVE-2025-42916) could allow an attacker with high privilege access to delete the content of arbitrary database tables. A critical security defect in SAP S/4HANA (CVE-2025-42957) has come under active exploitation in the wild.