< ciso
brief />
Tag Banner

All news with #meta tag

48 articles · page 2 of 3

Meta Adds Anti-Scam Tools for WhatsApp, Facebook, Messenger

🔒 Meta is rolling out new anti-scam protections across its platforms, combining user-facing warnings and backend detection to stop fraud before users interact. WhatsApp will alert users to suspicious device-linking requests, while Facebook is testing flags for dubious friend requests and Messenger is expanding anti-scam reviews. Meta also deployed AI to detect impersonation, spoofed brands, and deceptive links, and reports removing over 159 million scam ads and taking down 10.9 million accounts in 2025.
read more →

Meta Disables 150K Accounts Tied to SE Asia Scam Rings

🚨Meta on Wednesday said it disabled over 150,000 accounts linked to scam centers in Southeast Asia as part of a coordinated, multinational enforcement effort with authorities across Asia, Europe, North America and Oceania. The action follows a December 2025 pilot that removed 59,000 accounts, Pages and Groups and led to six arrest warrants. Meta also announced new protections: suspicious-account warnings on Facebook, WhatsApp device-link alerts for QR-based scams, expanded AI-assisted scam detection on Messenger, and plans to broaden advertiser verification.
read more →

Facebook Suffers Worldwide Outage Blocking Account Access

⚠️ Users worldwide are reporting that Facebook is inaccessible, with many seeing a notice that their "account is temporarily unavailable" due to a site issue. Outages tracked by DownDetector began around 4:15 PM ET and appear global. Meta's status page, however, only lists High Disruptions for Facebook Ads Manager, Instagram Boost, and the WhatsApp Business API. Facebook has been contacted for comment; the incident remains under investigation.
read more →

Meta Sues Advertisers Over Celeb-Bait and Cloaking Scams

🛡️ Meta said it is suing deceptive advertisers in Brazil, China, and Vietnam, suspending their payment methods, disabling related accounts, and blocking domains used in scams. The company also issued cease-and-desist letters to eight marketing consultants accused of offering ways to evade ad-policy enforcement, including fake 'un-ban' services and renting access to trusted accounts. Meta highlighted targeted celeb‑bait schemes and cloaking tactics, and said its protections now cover more than 500,000 celebrity and public-figure images.
read more →

Smashing Security 455: Meta Glasses and Internet Kill Switch

🕶 In episode 455 Graham Cluley and guest James Ball discuss whether major online services and cloud providers could become geopolitical leverage, asking if nations might have a viable contingency 'Plan B' for tech sovereignty. They also probe reporting that Meta may be considering facial-recognition features for its smart glasses, raising fresh privacy and surveillance concerns. The conversation blends technical detail with policy implications and public trust.
read more →

Researcher Shows Private Instagram Profiles Leaking

🔍 A security researcher published evidence that some Instagram private profiles returned links to user photos and captions inside the page HTML, making them visible to unauthenticated visitors on certain mobile devices. Researcher Jatin Banga showed the polaris_timeline_connection JSON object embedded encoded CDN links pointing to images that should have been private. In tests of private accounts he controlled or had permission to use, about 28% exposed captions and CDN links. Banga reported the issue to Meta on October 12, 2025; Meta later closed the report as "not applicable" and did not provide a root-cause analysis, though the behavior ceased roughly October 16.
read more →

WhatsApp Launches Strict Account Settings Lockdown

🔒 Meta has begun rolling out a new WhatsApp feature called Strict Account Settings that provides lockdown-style protections for journalists, public figures, and other high-risk users. The option, enabled only from a user's primary device under Settings > Privacy > Advanced, enforces the strictest privacy controls, including mandatory two-step verification and blocking media and calls from unknown senders. It also hides profile data, disables link previews, and limits features that could expose users to sophisticated spyware. Meta said the feature is intended for the small number of users who face targeted, high-risk campaigns.
read more →

WhatsApp Introduces Strict Account Settings for Security

🔒 Meta announced a new Strict Account Settings mode on WhatsApp to protect high-risk users such as journalists and public figures by locking accounts to their most restrictive options. The mode, available under Settings > Privacy > Advanced, blocks attachments and media from unknown senders, silences unknown callers, and restricts additional features to reduce attack surface. Meta said the controls will roll out gradually over the coming weeks. The company also highlighted a global rollout of a Rust-based media library, wamedia, and other memory-safety hardening efforts to guard against spyware and memory corruption.
read more →

Instagram Denies Breach After 17M Account Data Leak Claims

🔐 Meta says it patched a bug that allowed an external party to mass-request Instagram password reset emails and denies any systems breach after claims that data from more than 17 million accounts was posted online. Malwarebytes warned customers of a 17.5M-account dump containing phone numbers, emails, addresses and Instagram IDs, though not every record includes all fields. Meta told reporters it is not aware of an API incident in 2022 or 2024, and Instagram accounts remain secure. Users should ignore unsolicited reset emails, enable two-factor authentication, and stay alert to phishing and smishing attempts.
read more →

Hackers Scan Misconfigured Proxies to Reach Paid LLMs

🔍 Threat actors have been probing misconfigured proxy servers to access paid large language model (LLM) endpoints, generating over 80,000 sessions since late December, according to GreyNoise. Attackers used low-noise queries to fingerprint models without triggering alerts and targeted vendors such as OpenAI, Anthropic, Google, Meta, Mistral and others. While GreyNoise reports no observed exploitation or data theft, the scale of enumeration indicates reconnaissance with possible malicious intent. Recommended mitigations include restricting Ollama model pulls to trusted registries, applying egress filtering, blocking known OAST callback domains at DNS, rate-limiting suspicious ASNs, and monitoring JA4 fingerprints.
read more →

Radar 2025 Year in Review: Top Internet Services and Trends

📊 Cloudflare’s Radar report summarizes the Top Internet Services of 2025 using anonymized DNS queries from the 1.1.1.1 resolver and a machine-learning ranking method. It highlights continued dominance by Google and Facebook, strong gains by generative AI like ChatGPT and emerging rivals, and regional shifts such as Kwai rising in emerging markets. The analysis spans nine categories and includes country-level Top 10s for local context. E-commerce momentum saw Shopee and Temu join Amazon in the global top three, while crypto, news, and streaming showed event-driven volatility.
read more →

Critical React2Shell RCE in React.js and Next.js Servers

⚠️React.js and Next.js servers are vulnerable to a critical remote code execution flaw dubbed React2Shell (CVE-2025-55182), disclosed to Meta on 29 November 2025. The bug targets server-side React Server Function endpoints and default Next.js App Router setups, enabling unauthenticated attackers to execute arbitrary code with a single HTTP request. Researchers report near‑100% exploitability in default configurations and published proof‑of‑concepts; security teams should upgrade affected packages to the fixed versions immediately and verify PoC sources before testing.
read more →

CISA Adds CVE-2025-55182 to Known Exploited Vulnerabilities

⚠️ CISA added CVE-2025-55182, a remote code execution vulnerability in Meta React Server Components, to the Known Exploited Vulnerabilities (KEV) Catalog after observing active exploitation. This type of RCE is a common and serious attack vector that poses significant risk to federal networks and other organizations. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by their due dates. CISA strongly urges all organizations to prioritize timely remediation and vulnerability management to reduce exposure.
read more →

Meta Expands WhatsApp Security Research Effort

🛡️ Meta has provided selected long‑time bug bounty researchers with a new tool, WhatsApp Research Proxy, to streamline analysis of WhatsApp's network protocol and reduce barriers to in‑depth research. The company is also running a pilot that invites research teams to focus on platform abuse with internal engineering and tooling support. Meta said it has paid more than $25 million to over 1,400 researchers in 15 years and recently added anti‑scraping protections after a study showed an account‑enumeration technique able to map billions of users.
read more →

Copy-Paste RCE Flaw Impacts Major AI Inference Servers

🔒 Cybersecurity researchers disclosed a chain of remote code execution (RCE) vulnerabilities affecting AI inference frameworks from Meta, NVIDIA, Microsoft and open-source projects such as vLLM and SGLang. The flaws stem from reused code that called ZeroMQ’s recv-pyobj() and passed data directly into Python’s pickle.loads(), enabling unauthenticated RCE over exposed sockets. Vendors have released patches replacing unsafe pickle usage with JSON-based serialization and adding authentication and transport protections. Operators are urged to upgrade to patched releases and harden ZMQ channels, restrict network exposure, and avoid deserializing untrusted data.
read more →

Phishing Campaign Uses Meta Business Suite to Target SMBs

📨 Check Point email security researchers uncovered a large-scale phishing campaign that abuses Meta's Business Suite and the facebookmail.com delivery domain to send convincing fake notifications. Attackers craft messages that appear to originate from Meta, allowing them to bypass many traditional security filters and increase the likelihood of SMBs across the U.S. and internationally engaging with malicious links or credential-stealing pages. Organizations should strengthen email defenses, monitor suspicious Business Suite activity, and educate staff to reduce exposure.
read more →

WhatsApp $1M Zero-Click Hack Mystery: Pwn2Own Outcome

🔐 A high-profile entry by a hacker known as ‘Eugene’ at Pwn2Own Ireland 2025 withdrew a claimed zero-click remote code execution exploit targeting WhatsApp, forfeiting the event’s $1 million top prize. Organizers Trend Micro ZDI say Team Z3 is sharing findings privately for coordinated disclosure to Meta, while WhatsApp reports no viable exploit was publicly demonstrated. The cancellation has fueled speculation about exploit readiness and underscores the role of responsible disclosure and rigorous triage before public demonstrations.
read more →

Meta launches new anti-scam tools for WhatsApp, Messenger

🛡️ Meta is rolling out new anti-scam features for Messenger and WhatsApp to help users detect and avoid fraud. Messenger testing includes AI-assisted scam detection that warns about suspicious new contacts and offers options to block, report, or submit messages for review. WhatsApp will display warnings about screen-sharing with unknown callers. These protections are enabled by default.
read more →

Meta Adds Scam Warnings to WhatsApp and Messenger Apps

🔒 Meta is rolling out new anti-scam features for WhatsApp and Messenger. On WhatsApp, users will receive warnings when attempting to share their screen with unknown contacts during video calls to help prevent accidental exposure of bank details or verification codes. On Messenger, an opt-in Scam detection setting flags potentially suspicious messages from unknown senders; detection runs on-device to preserve end-to-end encryption unless users choose to submit recent messages for AI review, which removes E2EE. Meta also said it has taken action against thousands of impersonating pages and disrupted millions of accounts tied to organized scam centers.
read more →

Class Action in Germany Targets Meta over 2021 Facebook Leak

⚖️ A German consumer association has launched a model declaratory action against Meta after data from more than 530 million Facebook users was posted on the dark web in April 2021. The Federation of German Consumer Organisations argues Meta failed to protect user data and to inform affected people adequately. Plaintiffs seek tiered compensation of €100–€600 and the Hanseatic Higher Regional Court will first address jurisdictional and formal matters in the hearing.
read more →