Latest news with #CVE-2025-30401


Morocco World
16-04-2025
Morocco's DGSSI Warns of Critical WhatsApp Windows Vulnerability
Doha – Morocco's General Directorate of Information Systems Security (DGSSI) issued a security bulletin warning citizens about a critical vulnerability in WhatsApp's Windows application that could allow remote attackers to execute malicious code. The security flaw, tracked as CVE-2025-30401, affects all WhatsApp versions prior to 2.2450.6 on Windows operating systems, according to the bulletin released by the Center for Monitoring, Detection and Response to Computer Attacks.

Meta, WhatsApp's parent company, acknowledged the vulnerability in its security advisory, stating that 'a maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp.' The DGSSI has urged all Moroccan users to immediately update their WhatsApp applications by referring to Meta's security bulletin and installing the necessary patches.

Issued amid rising cybersecurity threats, the warning follows a wave of cyberattacks on Moroccan government platforms that exposed sensitive data and compromised digital infrastructure. In a separate advisory, the DGSSI also cautioned about a critical vulnerability affecting WordPress websites using the 'SureTriggers' plugin versions prior to 1.0.79, documented under vulnerability identifier CVE-2025-3102.

The country has faced an increasingly unstable cybersecurity environment in recent days, with the National Social Security Fund (CNSS) suffering a major breach. The Algerian hacking group 'JabaRoot DZ' claimed responsibility for the attack, which reportedly resulted in the exposure of salary information of 2 million individuals across 500,000 companies. This incident was followed by a series of retaliatory attacks, including distributed denial-of-service (DDoS) campaigns. Most recently, the Algerian group DDOS54 launched what they described as a 'major campaign' against Moroccan government systems, affecting several ministerial websites, including the Ministry of Agriculture's portal and the national tax portal.

Addressing the WhatsApp vulnerability, security consultants described it as 'a particularly nasty vulnerability for the everyday user,' noting that it could be exploited for data theft, malware deployment, account hijacking, identity theft, or virtually any action a malicious actor chooses to carry out. The DGSSI's latest warnings reflect an ongoing national effort to monitor digital vulnerabilities and protect users against the rising tide of cyberattacks targeting Moroccan institutions and citizens.


Forbes
09-04-2025
New WhatsApp Warning—Update Now To Fix Security Flaw
WhatsApp has issued a new warning to update now after fixing a flaw that could allow attackers to plant malware on your device. Tracked as CVE-2025-30401, the spoofing issue could see adversaries deploy malware via an attachment such as an image.

The vulnerability, which affects WhatsApp for Windows Desktop prior to 2.2450.6, impacts users interacting with attachments sent through the platform. The spoofing issue stems from a fundamental flaw in how WhatsApp for Windows processes file attachments. 'A maliciously crafted mismatch could have caused the recipient to inadvertently execute arbitrary code rather than view the attachment when manually opening the attachment inside WhatsApp,' WhatsApp owner Meta said in a security advisory.

WhatsApp has come under fire recently after adding an AI assistant to the app that can't be removed. The latest warning is a reminder to WhatsApp's billions of users that the app is increasingly targeted by cyber attackers keen to take advantage of its customer base. I contacted WhatsApp owner Meta for a statement and will update this article if the firm responds.

There's no doubt about it, the WhatsApp flaw is nasty, making it important you update as soon as you can. Adam Brown, managing security consultant at Black Duck, calls the new WhatsApp flaw 'a particularly nasty vulnerability for the everyday user.' The WhatsApp issue would allow a malicious program to easily be disguised as an attached image file, Brown says. 'When the user clicks on the attachment in WhatsApp Web for Windows, the program executes on their Windows machine. A malicious attachment could be used for data theft, running malware or spreading it, account and identity theft, or anything a nefarious actor chooses.'

Everyone should be careful when clicking on attachments — even from people they know — and Windows users of WhatsApp should be especially vigilant, says Brown. Windows WhatsApp users should upgrade to version 2.2450.6 or later to fix the issue.

The vulnerability must not be taken lightly and users should update their software to the newest version now, says Dr Martin Kraemer, security awareness advocate at KnowBe4. He advises people to be extremely careful when opening attachments or files. 'Think of WhatsApp the same way as email. You would not want to open an unexpected email attachment, especially not from someone you do not know. You also would not want to forward attachments that pose risks to friends or family. If in doubt, delete the message and file.'

So if you use WhatsApp on your Windows device, it's time to update it now. Meanwhile, always be careful what you click on, whether via WhatsApp, email, or another app, and only open images and files from people you trust.