Meta has revealed a new WhatsApp security flaw tracked as CVE-2025-55177, which may have been used in targeted spyware-style attacks. The vulnerability stems from incomplete authorization of linked-device synchronization messages, which could let attackers trigger the processing of malicious content on a victim’s device.
Meta warned that this flaw may have been used alongside Apple’s recently patched zero-click bug CVE-2025-43300. Amnesty International’s Security Lab suggested the exploit is likely connected to commercial surveillance tools used against journalists, activists, and political dissidents.
In other cybersecurity updates, Microsoft has announced that starting October 1, multi-factor authentication (MFA) will be required for nearly all Azure operations, including CLI, PowerShell, REST API, and infrastructure-as-code tools. Exceptions apply only to read-only access, with extensions possible until July 1, 2026. Microsoft said MFA is now the baseline for cloud security.
Nissan also confirmed that its design unit, Creative Box Inc., was hit by the Qilin ransomware gang. Some design data was leaked, but investigations are still ongoing. Qilin is known for aggressive extortion methods and has been linked to severe service disruptions.
Meanwhile, the City of Baltimore reported losing $1.5 million after fraudsters compromised a vendor’s Workday account and changed banking details. About half of the stolen funds were recovered, but insurers refused to cover the remaining loss, citing weak financial controls.
The FreePBX project issued an emergency patch for a critical CVSS 10 vulnerability that allows remote code execution and database tampering. Versions 15, 16, and 17 are patched, but older versions remain vulnerable. U.S. CISA has urged administrators to update immediately and check for rogue “ampuser” accounts.
Other key developments include AWS detecting the Russian hacking group Cozy Bear trying to steal Microsoft credentials; the Pentagon ending Microsoft’s use of China-based support staff for cloud systems; criticism of the UK government after an Afghan data leak; and a researcher shifting from exploiting McDonald’s app flaws to testing vulnerabilities in Chinese restaurant robots.