🚨 BREAKING: New zero-click exploit used to hack WhatsApp users.
WhatsApp has just sent out a round of threat notifications to individuals they believe where targeted by an advanced spyware campaign in past 90 days.
Seek out expert help if you have received this alert pic.twitter.com/i4cHLsiNOr[3]
— Donncha Ó Cearbhaill (@DonnchaC) August 29, 2025[4]
One of the problems sat inside WhatsApp’s handling of device sync. That weakness, recorded as CVE-2025-55177, could be used to push malicious content from the outside. On its own, it was serious, but not catastrophic. The real damage came when it was combined with an Apple vulnerability in the ImageIO framework, a bug Apple fixed a week earlier. That issue, tracked as CVE-2025-43300, could corrupt memory if the system processed a tainted image. Put the two together and you had what researchers call a zero-click chain, an exploit that required no taps, no clicks, no mistakes from the victim.
Amnesty International’s Security Lab says the activity began in late May and ran through the summer. A limited number of WhatsApp accounts, under two hundred, according to Meta, received direct warning messages telling them to reset devices and update both iOS and WhatsApp to stay protected. The advice included factory resets in some cases, since spyware infections can linger even after a simple update.
Nobody has said publicly who was responsible. Meta and Apple have both declined to name a vendor or a government, but the attack bears the usual signs of commercial surveillance tools, the kind often used on journalists, activists, or people in politics.
WhatsApp has faced this kind of issue before. Earlier this year, the platform blocked a smaller campaign that hit around ninety people across Europe. And in a separate case, a U.S. court ordered NSO Group to pay damages over its 2019 campaign that planted Pegasus spyware on more than a thousand WhatsApp accounts.
This latest incident reinforces an uncomfortable truth: even devices running the newest patches can be compromised if attackers chain together fresh flaws. For everyday users, updates remain the first line of defence, but for high-risk groups, the danger never fully goes away.
Notes: This post was edited/created using GenAI tools. Image: DIW-Aigen.
Read next: Meta Tightens AI Chatbot Rules for Teens Amid Safety Concerns[6]
References
- ^ WhatsApp (www.whatsapp.com)
- ^ Apple’s software (support.apple.com)
- ^ pic.twitter.com/i4cHLsiNOr (t.co)
- ^ August 29, 2025 (twitter.com)
- ^ recorded as CVE-2025-55177 (nvd.nist.gov)
- ^ Meta Tightens AI Chatbot Rules for Teens Amid Safety Concerns (www.digitalinformationworld.com)