A WhatsApp security flaw has alarmed millions after reports confirmed that journalists, activists, and human rights defenders were hit by advanced spyware attacks.
Experts caution that the loophole could allow hackers to steal data from victims’ devices through malicious URLs. The flaw is tied to Apple’s zero-click bug CVE-2025-43300, sparking concerns of broad surveillance campaigns.
Meanwhile, Microsoft announced it will enforce multi-factor authentication (MFA) for nearly all Azure accounts, covering Azure CLI, PowerShell, REST API, and IaC tools, with read-only access as the only exemption. Organizations facing complex setups may apply for extensions until July 2026, but security analysts warn that accounts without MFA remain highly vulnerable.
In another development, hackers are actively exploiting a CVSS 10 flaw in the FreePBX open-source system, enabling remote code execution and database manipulation. Emergency patches were issued for versions 15, 16, and 17, while older systems are left exposed. The US CISA has urged immediate updates and monitoring for unauthorized accounts.
Separately, Nissan confirmed that its design arm, Creative Box Inc., was breached by the Qilin ransomware group, infamous for large-scale extortion campaigns.
A recent alert was issued by PTA About WhatsApp Scam Messages in Pakistan
