CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

WhatsApp Introduces Lockdown-Style Security Mode for High-Risk Users

First reported
Last updated
2 unique sources, 2 articles

Summary

Hide ▲

WhatsApp is rolling out a new security feature called Strict Account Settings to protect high-risk users, such as journalists and public figures, from advanced cyber attacks and spyware. This feature locks account settings to the most restrictive options and blocks media from unknown senders. Additionally, WhatsApp is adopting the Rust programming language for media sharing to enhance security and mitigate memory safety issues. The feature is gradually being rolled out and includes extreme safeguards such as two-step verification, blocking media from unknown senders, silencing calls from unknown people, and turning off link previews. WhatsApp has also patched zero-day vulnerabilities and faced legal actions against the NSO Group for spyware attacks.

Timeline

  1. 28.01.2026 13:48 1 articles · 23h ago

    WhatsApp Patches Zero-Day Vulnerabilities and Faces Legal Actions

    WhatsApp has patched a zero-day vulnerability in its iOS and macOS messaging clients in August, which was exploited in targeted zero-click attacks. In November 2024, court documents revealed that the NSO Group allegedly deployed several zero-day exploits even after being sued by WhatsApp. In May 2025, the NSO Group was fined $167 million for spyware attacks that targeted 1,400 WhatsApp users in 2019.

    Show sources
    Open in new tab
  2. 27.01.2026 18:54 2 articles · 1d ago

    WhatsApp Rolls Out Lockdown-Style Security Mode

    WhatsApp is introducing a new security feature called Strict Account Settings to protect high-risk users from advanced cyber attacks and spyware. The feature locks account settings to the most restrictive options and blocks media from unknown senders. Additionally, WhatsApp is adopting the Rust programming language for media sharing to enhance security and mitigate memory safety issues. The feature can be enabled only from the user's primary device under Settings > Privacy > Advanced. Once enabled, it applies the most restrictive privacy controls, including turning on two-step verification, blocking media and attachments from unknown senders, silencing calls from unknown people, turning off link previews, locking access to last seen and online information, profile photo, About details, and profile links, and limiting other features that could expose users to attacks. WhatsApp is gradually rolling out the Strict Account Settings feature over the coming weeks.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Active Spyware Campaigns Targeting High-Value Signal and WhatsApp Users

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert warning of active spyware campaigns targeting high-value Signal and WhatsApp users. These campaigns leverage sophisticated social engineering and zero-click exploits to compromise mobile devices and exfiltrate sensitive data. The targets include government officials, military personnel, political figures, and civil society organizations across the U.S., Middle East, and Europe. A new campaign, dubbed GhostPairing, abuses the legitimate device-linking feature to hijack WhatsApp accounts via pairing codes. This campaign was first spotted in Czechia but has the potential to spread to other regions. The attack involves tricking victims into linking an attacker's browser to their WhatsApp device, granting the attacker full access to the account without requiring any authentication.

Open in new tab

Global WhatsApp Hijacking Campaign Exploits Session Hijacking and Account Takeover

A widespread WhatsApp hacking campaign, dubbed HackOnChat, is targeting users globally through deceptive authentication portals and impersonation pages. The campaign leverages social engineering tactics to hijack active WhatsApp Web sessions and take over accounts. Attackers use fake security alerts, WhatsApp Web lookalike portals, and spoofed group-invite messages to trick users into compromising their accounts. The campaign has seen a surge in activity across the Middle East and Asia, with thousands of malicious URLs deployed rapidly through inexpensive top-level domains and modern website-building platforms. Once control is gained, attackers exploit the compromised accounts to target the victim's contacts, requesting money or sensitive information. They also sift through messages, media, and documents for personal, financial, or private data, which can be used for fraud, impersonation, or extortion. The compromised accounts are often used to send phishing messages, spreading the scam further.

Open in new tab

WhatsApp Zero-Day Exploited in Targeted Attacks

A zero-day vulnerability in WhatsApp (CVE-2025-55177) was exploited in targeted attacks against specific users, chained with a separate iOS flaw (CVE-2025-43300). The flaw allowed unauthorized users to trigger content processing from arbitrary URLs on targeted devices. Apple issued threat notifications to users targeted in mercenary spyware attacks, which included individuals based on their status or function, such as journalists, lawyers, activists, politicians, and senior officials. The attacks highlight the risks of chaining multiple vulnerabilities to compromise targets, emphasizing the need for comprehensive security measures. WhatsApp patched the issue and notified affected users. Apple has sent threat notifications multiple times a year since 2021, alerting users in over 150 countries, including a fourth campaign in France in 2025. The attacks began with the exploitation of the WhatsApp zero-day vulnerability, which was chained with an iOS flaw in sophisticated attacks. Apple has been issuing threat notifications to users targeted in these attacks, advising them to enable Lockdown Mode and seek emergency security assistance. Apple introduced Memory Integrity Enforcement (MIE) in the latest iPhone models to combat memory corruption vulnerabilities, and the number of U.S. investors in spyware and surveillance technologies has increased significantly.

Open in new tab