Find notable cyber news and cases, enriched with sources, timelines, and signals.

GhostPairing WhatsApp pairing-code account-hijacking campaign

Campaign
First reported
Last updated
Happening score
H score 41
1 unique sources, 1 articles

Summary

Hide ▲

GhostPairing is an active WhatsApp account-hijacking campaign that abuses the platform’s device-linking feature to take over accounts via pairing codes, creating a direct risk of impersonation and fraud. The operation was first spotted in Czechia and can spread to other regions as compromised accounts are reused to reach new targets. Once a victim links the attacker’s device, the attacker can read conversation history and shared media and send messages from the account. The campaign uses a deceptive Facebook-style lure and a legitimate pairing workflow to bypass the need for stolen passwords or other authentication bypasses.

Related Happenings

Meta For Business Facebook Messenger fake-verification phishing campaign

Campaign
H score29 First: 07.07.2026 10:00 Last: 07.07.2026 10:00 Sources 1

About this happening: A **phishing campaign** abused **Facebook Messenger chatbots** and fake verification lures to steal **Meta For Business** credentials and sensitive identity data, creating account...

WhatsApp VBScript phishing campaign targeting users in multiple countries

Campaign
H score43 First: 23.06.2026 01:42 Last: 23.06.2026 01:42 Sources 1

About this happening: An **ongoing phishing campaign** is using **compromised WhatsApp accounts** to send **obfuscated VBScript files** to users in **multiple countries**, creating a path to **remote s...

WhatsApp contempt motion against NSO Group

Regulatory/Legal Action
H score33 First: 09.06.2026 11:15 Last: 09.06.2026 11:15 Sources 1

About this happening: WhatsApp moved the **US court** to hold **NSO Group** in contempt over a **permanent injunction** tied to spyware targeting of users. The company says NSO violated the order by us...

NSO Group WhatsApp spear-phishing campaign

Campaign
H score37 First: 08.06.2026 20:08 Last: 08.06.2026 20:08 Sources 1

About this happening: **NSO Group** remains tied to a **WhatsApp** spear-phishing **campaign** that used **malicious links** to push targets to external websites outside the app. On **June 8**, WhatsAp...

Instagram accounts for Obama White House hit by account takeover attack

Incident
H score40 First: 01.06.2026 20:32 Last: 01.06.2026 20:32 Sources 1

About this happening: The **Instagram** accounts for the **Obama White House** and the **Chief Master Sergeant of the U.S. Space Force** were briefly **defaced** after attackers abused **Meta’s AI supp...

Timeline

  1. 17.12.2025 21:14 2 articles · 6mo ago

    GhostPairing WhatsApp account-hijacking campaign first spotted in Czechia

    Initial Disclosure

    Gen Digital describes GhostPairing as a WhatsApp account-hijacking campaign that abuses WhatsApp’s legitimate device-linking feature and pairing codes to take over WhatsApp user accounts without needing authentication. The lure uses a fake Facebook verification page on typosquatted or similar-looking domains, and the campaign was first spotted in Czechia while retaining the ability to spread to other regions through compromised accounts; once a victim links the attacker’s browser, the attacker can read conversation history and shared media and may use the account for impersonation or fraud.

    Show sources