All news with #meta tag

37 articles

Meta smart glasses, Copy Fail bug, and deepfake hire

Meta’s smart glasses were found to upload audio and video to contractors in Nairobi for human labelling, prompting the dismissal of 1,108 workers after whistleblowers exposed the practice. The episode contrasts that privacy failure with a measured analysis of the Linux Copy Fail privilege-escalation issue and an experiment by Jake Moore demonstrating how a convincing deepfake passed a remote job interview. Practical takeaways include patching kernels promptly, strengthening hiring verification, and demanding clearer vendor transparency.

FTC: Americans Lost Over $2.1B to Social Media Scams in 2025

The FTC reports Americans lost more than $2.1 billion to social media scams in 2025, an eightfold increase since 2020. Facebook accounted for the largest share of reported losses across most age groups, while WhatsApp and Instagram trailed. The agency warns scammers exploit hacked accounts, targeted posts, and paid ads to reach victims at scale. Meta removed millions of scam ads and accounts and rolled out new warnings and protections.

LinkedIn's Hidden Script Scans 6,000+ Chrome Extensions

LinkedIn was found to inject hidden JavaScript that fingerprints visitors' browsers, testing for over 6,000 Chrome extensions and collecting device and system details such as CPU cores, memory, screen resolution, timezone, battery status, audio information, and storage features. Researchers say the script links extension presence to identifiable profiles; LinkedIn confirms extension detection but insists it is used to stop scraping and protect platform stability. BleepingComputer observed a randomized script file performing the checks but could not verify claims about downstream sharing or commercial use.

LinkedIn scans 6,000+ Chrome extensions, gathers device info

A new report named BrowserGate alleges that LinkedIn injects hidden JavaScript into user sessions to probe browsers for installed extensions and collect device characteristics. BleepingComputer independently observed a randomized script that attempted to detect 6,236 extensions by checking extension resource URLs and also harvested CPU, memory, screen, timezone, battery, audio, and storage details. LinkedIn says it looks for extensions that scrape content or violate its Terms and uses detection to inform defenses and enforcement, while the report warns this scanning could map competitors' customers and enable profiling. The use and sharing of the collected data have not been independently verified.

WhatsApp Alerts 200 Users After Fake iOS App Spyware

⚠️ Meta-owned WhatsApp said it alerted about 200 users, largely in Italy, who were fooled into installing a counterfeit iOS app infected with spyware. The company logged affected accounts out, advised victims to uninstall the malicious app and reinstall the official WhatsApp client, and said it is taking action against Italian firm Asigint, an alleged SIO subsidiary. The alert follows earlier campaigns targeting users with Graphite and chained zero-day exploits in 2025, highlighting persistent misuse of surveillance tools in Europe.

WhatsApp adds AI tools, iOS multi-account and transfers

WhatsApp is rolling out several usability and AI-driven features, including a Writing Help reply assistant that uses Private Processing, and photo touch-up powered by Meta AI. The update also enables two accounts on iOS, a chat history transfer from iOS to Android, and a utility to locate and remove large media. Meta has also expanded anti-scam protections and introduced parent-managed accounts and a lockdown security mode for high-risk users.

Google and Partners Sign Global Accord to Combat Scams

🀝 Google announced it has signed the Industry Accord Against Online Scams & Fraud with major industry partners including Adobe, Amazon, LinkedIn, Meta, Microsoft and OpenAI. The agreement commits participants to unify capabilities, share threat intelligence and coordinate defenses against sophisticated, cross-border scam networks. Google said it will expand technical support and deploy AI-driven detection tools, building on $15 million in Google.org funding. In 2026 the company will share more through the Global Signal Exchange and publish guides on data sharing, private sector referrals to law enforcement, and public policy frameworks.

Meta to End Instagram End-to-End Encryption Support

Meta will discontinue support for end-to-end encryption for Instagram chats after May 8, 2026, and says affected users will receive instructions to download any messages or media they wish to keep. The company notes some users may need to update older versions of the app before downloading impacted chats. The encrypted-direct-messaging feature was first tested in 2021 and remains available only in select regions and not enabled by default.

WhatsApp rolls out parent-managed accounts for pre-teens

WhatsApp has begun rolling out parent-managed accounts for pre-teens, enabling guardians to control who can contact their child and which groups they can join. These managed profiles limit the child to messaging and calling, exclude access to Meta AI, Channels, Status, and location sharing, and preserve end-to-end encryption so messages cannot be read by third parties. Setup requires both devices present: parents verify the child's number, scan a QR code to link accounts, and set a 6-digit PIN to lock parental controls. By default children can message only saved contacts and parents must approve group additions; the child can switch to a standard account at 13.

Meta Adds Anti-Scam Tools for WhatsApp, Facebook, Messenger

Meta is rolling out new anti-scam protections across its platforms, combining user-facing warnings and backend detection to stop fraud before users interact. WhatsApp will alert users to suspicious device-linking requests, while Facebook is testing flags for dubious friend requests and Messenger is expanding anti-scam reviews. Meta also deployed AI to detect impersonation, spoofed brands, and deceptive links, and reports removing over 159 million scam ads and taking down 10.9 million accounts in 2025.

Meta Disables 150K Accounts Tied to SE Asia Scam Rings

🚨 Meta on Wednesday said it disabled over 150,000 accounts linked to scam centers in Southeast Asia as part of a coordinated, multinational enforcement effort with authorities across Asia, Europe, North America and Oceania. The action follows a December 2025 pilot that removed 59,000 accounts, Pages and Groups and led to six arrest warrants. Meta also announced new protections: suspicious-account warnings on Facebook, WhatsApp device-link alerts for QR-based scams, expanded AI-assisted scam detection on Messenger, and plans to broaden advertiser verification.

Facebook Suffers Worldwide Outage Blocking Account Access

⚠️ Users worldwide are reporting that Facebook is inaccessible, with many seeing a notice that their "account is temporarily unavailable" due to a site issue. Outages tracked by DownDetector began around 4:15 PM ET and appear global. Meta's status page, however, only lists High Disruptions for Facebook Ads Manager, Instagram Boost, and the WhatsApp Business API. Facebook has been contacted for comment; the incident remains under investigation.

Meta Sues Advertisers Over Celeb-Bait and Cloaking Scams

Meta said it is suing deceptive advertisers in Brazil, China, and Vietnam, suspending their payment methods, disabling related accounts, and blocking domains used in scams. The company also issued cease-and-desist letters to eight marketing consultants accused of offering ways to evade ad-policy enforcement, including fake 'un-ban' services and renting access to trusted accounts. Meta highlighted targeted celeb-bait schemes and cloaking tactics, and said its protections now cover more than 500,000 celebrity and public-figure images.

Smashing Security 455: Meta Glasses and Internet Kill Switch

πŸ•Ά In episode 455 Graham Cluley and guest James Ball discuss whether major online services and cloud providers could become geopolitical leverage, asking if nations might have a viable contingency 'Plan B' for tech sovereignty. They also probe reporting that Meta may be considering facial-recognition features for its smart glasses, raising fresh privacy and surveillance concerns. The conversation blends technical detail with policy implications and public trust.

Researcher Shows Private Instagram Profiles Leaking

A security researcher published evidence that some Instagram private profiles returned links to user photos and captions inside the page HTML, making them visible to unauthenticated visitors on certain mobile devices. Researcher Jatin Banga showed the polaris_timeline_connection JSON object embedded encoded CDN links pointing to images that should have been private. In tests of private accounts he controlled or had permission to use, about 28% exposed captions and CDN links. Banga reported the issue to Meta on October 12, 2025; Meta later closed the report as "not applicable" and did not provide a root-cause analysis, though the behavior ceased roughly October 16.

WhatsApp Launches Strict Account Settings Lockdown

Meta has begun rolling out a new WhatsApp feature called Strict Account Settings that provides lockdown-style protections for journalists, public figures, and other high-risk users. The option, enabled only from a user's primary device under Settings > Privacy > Advanced, enforces the strictest privacy controls, including mandatory two-step verification and blocking media and calls from unknown senders. It also hides profile data, disables link previews, and limits features that could expose users to sophisticated spyware. Meta said the feature is intended for the small number of users who face targeted, high-risk campaigns.

WhatsApp Introduces Strict Account Settings for Security

Meta announced a new Strict Account Settings mode on WhatsApp to protect high-risk users such as journalists and public figures by locking accounts to their most restrictive options. The mode, available under Settings > Privacy > Advanced, blocks attachments and media from unknown senders, silences unknown callers, and restricts additional features to reduce attack surface. Meta said the controls will roll out gradually over the coming weeks. The company also highlighted a global rollout of a Rust-based media library, wamedia, and other memory-safety hardening efforts to guard against spyware and memory corruption.

Instagram Denies Breach After 17M Account Data Leak Claims

Meta says it patched a bug that allowed an external party to mass-request Instagram password reset emails and denies any systems breach after claims that data from more than 17 million accounts was posted online. Malwarebytes warned customers of a 17.5M-account dump containing phone numbers, emails, addresses and Instagram IDs, though not every record includes all fields. Meta told reporters it is not aware of an API incident in 2022 or 2024, and Instagram accounts remain secure. Users should ignore unsolicited reset emails, enable two-factor authentication, and stay alert to phishing and smishing attempts.

Hackers Scan Misconfigured Proxies to Reach Paid LLMs

Threat actors have been probing misconfigured proxy servers to access paid large language model (LLM) endpoints, generating over 80,000 sessions since late December, according to GreyNoise. Attackers used low-noise queries to fingerprint models without triggering alerts and targeted vendors such as OpenAI, Anthropic, Google, Meta, Mistral and others. While GreyNoise reports no observed exploitation or data theft, the scale of enumeration indicates reconnaissance with possible malicious intent. Recommended mitigations include restricting Ollama model pulls to trusted registries, applying egress filtering, blocking known OAST callback domains at DNS, rate-limiting suspicious ASNs, and monitoring JA4 fingerprints.

Radar 2025 Year in Review: Top Internet Services and Trends

πŸ“Š Cloudflare’s Radar report summarizes the Top Internet Services of 2025 using anonymized DNS queries from the 1.1.1.1 resolver and a machine-learning ranking method. It highlights continued dominance by Google and Facebook, strong gains by generative AI like ChatGPT and emerging rivals, and regional shifts such as Kwai rising in emerging markets. The analysis spans nine categories and includes country-level Top 10s for local context. E-commerce momentum saw Shopee and Temu join Amazon in the global top three, while crypto, news, and streaming showed event-driven volatility.