

Ethical Hacking News

WhatsApp Warns of Sophisticated Attack Exploiting Zero-Click Vulnerability


Meta's WhatsApp has issued a warning about a potential attack exploiting a zero-click vulnerability, while Microsoft enforces multi-factor authentication on Azure systems starting October 1st. Meanwhile, a vulnerability in FreePBX telco software and a ransomware attack on Nissan have highlighted the importance of timely patching and incident response.

  • WhatsApp has warned of a potential attack against specific users that exploits a zero-click vulnerability (CVE-2025-55177), potentially leading to unauthorized access or malicious activity.
  • The vulnerability may have been exploited together with another previously patched zero-click vulnerability (CVE-2025-43300), which points to the involvement of a commercial surveillanceware vendor.
  • A $1 million bounty for the WhatsApp flaw may be enticing potential exploiters, highlighting its value in cyber espionage.
  • Microsoft will enforce multi-factor authentication on all Azure systems from October 1st to enhance security.
  • A recent vulnerability in FreePBX telco software, rated CVSS 10, has been patched, but some customers have already fallen victim to exploitation.
  • Nissan's design subsidiary was hit by Qilin ransomware; the automaker will continue investigating and mitigating damage.
  • Baltimore admitted to paying $1.5 million in a procurement scam, with almost half of the funds retrieved.



    Meta's WhatsApp has issued a security advisory warning of a potential attack against specific targeted users, exploiting a zero-click vulnerability. The CVE-2025-55177 flaw allows an unrelated user to trigger the processing of content from an arbitrary URL on a target's device, potentially leading to unauthorized access or malicious activity.

    According to Meta, the vulnerability may have been exploited in combination with another previously patched zero-click vulnerability, CVE-2025-43300, which was discovered by Apple and addressed last week. Donncha Ó Cearbhaill, head of Amnesty International's security lab, suggested that attackers used these flaws in a highly specialized attack, indicating that a commercial surveillanceware vendor is likely involved.

    Surveillanceware is typically designed to target state criminals but can also be used against journalists, human rights activists, and other individuals deemed undesirable by governments. The mention of a $1 million bounty for the zero-click WhatsApp flaw may have piqued the interest of potential exploiters, highlighting the value of these vulnerabilities in the world of cyber espionage.

    Meanwhile, Microsoft has announced that it will begin enforcing multi-factor authentication (MFA) on all Azure systems starting from October 1st. This change aims to enhance security and protect user accounts from unauthorized access. However, some customers who rely on specific configurations or service accounts may be exempt from this requirement, with the possibility of an extension until July 1st next year.

    In other news, a recent vulnerability in the FreePBX telco software has been patched, but too late for some customers who have already fallen victim to exploitation. The flaw, rated CVSS 10, allowed attackers to manipulate database information and perform remote code execution, posing significant security risks.

    Additionally, Nissan's design subsidiary Creative Box Inc has confirmed that it was hit by the Qilin ransomware group, which is known for its highly sophisticated attacks and complex tactics. The Japanese automaker will continue investigating the incident and taking measures to mitigate any further damage.

    Lastly, Baltimore has admitted to paying $1.5 million in a procurement scam, with an attacker accessing the city's Workday account and redirecting payments to their own account. While not ideal, the city managed to retrieve almost half of the funds, demonstrating some resilience in the face of this security lapse.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/WhatsApp-Warns-of-Sophisticated-Attack-Exploiting-Zero-Click-Vulnerability-ehn.shtml

  • https://go.theregister.com/feed/www.theregister.com/2025/09/01/infosec_in_brief/


  • Published: Mon Sep 1 07:35:25 2025 by llama3.2 3B Q4_K_M












