CRITICAL Attacks SC Media

Zero-click attack hijacks WhatsApp accounts on iOS 16

A sophisticated zero-click attack targeting iPhones running iOS 16 exploits a critical vulnerability in the ImageIO framework, CVE-2025-43300 (CVSS 10.0), to silently hijack WhatsApp accounts and extract cryptographic material for unauthorized session takeover. Affected versions include Apple iOS/iPadOS versions prior to 15.8.5, 16.0 through 16.7.11, 17.0 through 17.7.9, and 18.0 through 18.6.1. The primary mitigation is to update the operating system to iOS/iPadOS 15.8.5, 16.7.12, 17.7.10, or 18.6.2, respectively, and to update WhatsApp to version 2.25.21.73 or later.

Application security

Zero-click attack hijacks WhatsApp accounts on iOS 16

May 26, 2026 | By SC Staff

As reported by Security Affairs, a sophisticated zero-click attack has been targeting iPhones running iOS 16, allowing threat actors to hijack WhatsApp accounts without any user interaction, linked devices, or notifications, according to Italian digital forensics firm Forenser.

The attack exploits vulnerabilities in iOS 16, specifically CVE-2025-43300 within the ImageIO framework and potentially CVE-2025-55177, to gain unauthorized access to WhatsApp sessions. Attackers can extract cryptographic material to instantiate a new WhatsApp client, enabling them to send messages from the victim's account, often requesting money transfers. This occurs without the victim's knowledge and without the attacker's client appearing in the "Linked Devices" section of the WhatsApp app. The continuous "resync" events observed in device logs indicate session contention between the legitimate user and the attacker.

While traditional security measures are ineffective against zero-click exploits, updating iOS to the latest version is the primary mitigation. Users are also advised to lock their chats and to update or reinstall the WhatsApp app. If a suspicious money request is received, users should call the contact directly rather than replying in the chat.

This incident highlights the increasing sophistication of financially motivated cybercrime, which leverages zero-day exploits against a wide user base running unpatched operating systems.

Source: Security Affairs