Meta has uncovered a critical WhatsApp vulnerability (CVE-2025-55177) that may have been weaponized in highly sophisticated cyberattacks against selected individuals.
The flaw originates from weak authorization checks in linked-device synchronization, which could allow a malicious actor to run content from arbitrary URLs directly on a victim’s phone.
According to Meta, the bug has similarities with Apple’s zero-click exploit (CVE-2025-43300), which was recently patched, raising concerns that both security loopholes were used for spyware-style intrusions.
⚠️ Experts from Amnesty International’s Security Lab believe the exploit was actively leveraged by commercial spyware vendors, often to monitor journalists, political activists, and human rights defenders.
Microsoft Enforces MFA for Azure Security
From October 1, Microsoft Azure will require multi-factor authentication (MFA) for nearly all operations, excluding read-only access.
The enforcement covers Azure CLI, PowerShell, REST APIs, and Infrastructure-as-Code tools. Organizations with highly complex systems can request extensions until July 1, 2026.
Read More: 5G Services Launch in Pakistan Faces Uncertainty
Microsoft recommends replacing service accounts in Entra ID with workload identities to strengthen defenses
