WhatsApp Warns Users About Security Flaws: File Spoofing and Malicious URLs

Anuj May 5, 2026
www.news4hackers.com-whatsapp-warns-users-about-security-flaws-file-spoofing-and-malicious-urls-whatsapp-warns-users-about-security-flaws-file-spoofing-and-malicious-urls
Post Views: 149

Cybersecurity Firm Discovers File Spoofing and Arbitrary URL Scheme Vulnerabilities

A recently released security advisory from a prominent technology company details two newly patched vulnerabilities affecting their popular messaging application.

  • The first vulnerability, identified as CVE-2026-23863, is a medium-severity issue impacting versions of the software prior to 2.3000.1032164386.258709. By exploiting this flaw, an attacker could create a maliciously formatted document containing NUL bytes in its filename. When received as an attachment, the recipient would view it as innocuous, but it would execute as a program upon opening.
  • The second vulnerability, designated as CVE-2026-23866, has a medium-impact rating and affects both iOS and Android versions of the messaging app. Incomplete validation of AI-rich response messages for Instagram Reels could potentially enable an attacker to trigger processing of media content from an arbitrary URL on another user’s device. This could lead to redirection to phishing sites or initiation of other applications and services on the device via URL schemes like facetime:, tel:, itms-apps:, or custom app deep links.

More Stories

www.news4hackers.com-charter-communications-data-breach-exposes-customer-info-after-ransom-demands-rejected-charter-communications-data-breach-exposes-customer-info-after-ransom-demands-rejected

Charter Communications Data Breach Exposes Customer Info After Ransom Demands Rejected

Anuj May 31, 2026
www.news4hackers.com-critical-gogs-vulnerability-allows-unauthenticated-remote-code-execution-critical-gogs-vulnerability-allows-unauthenticated-remote-code-execution

Critical Gogs Vulnerability Allows Unauthenticated Remote Code Execution

Anuj May 29, 2026
www.news4hackers.com-sextortionist-sentenced-to-33-years-for-targeting-145-children-online-sextortionist-sentenced-to-33-years-for-targeting-145-children-online

Sextortionist Sentenced to 33 Years for Targeting 145 Children Online

Anuj May 28, 2026

Latest Cyber Security News

www.news4hackers.com-retired-doctor-scammed-1-42-crore-in-18-day-digital-scam-in-haryana-retired-doctor-scammed-1-42-crore-in-18-day-digital-scam-in-haryana-2

Man Arrested for Impersonating CBI Officer in ₹1.41 Crore Fraud Scandal

Anuj June 20, 2026
www.news4hackers.com-retired-doctor-scammed-1-42-crore-in-18-day-digital-scam-in-haryana-retired-doctor-scammed-1-42-crore-in-18-day-digital-scam-in-haryana-1

Texas License Data Breach Impacts Over 3 Million Drivers

Anuj June 20, 2026
www.news4hackers.com-retired-doctor-scammed-1-42-crore-in-18-day-digital-scam-in-haryana-retired-doctor-scammed-1-42-crore-in-18-day-digital-scam-in-haryana

Retired Doctor Scammed ₹1.42 Crore in 18-Day Digital Scam in Haryana

Anuj June 20, 2026
www.news4hackers.com-mastodon-4-6-introduces-profile-collections-and-two-factor-security-controls-mastodon-4-6-introduces-profile-collections-and-two-factor-security-controls-3

Apple Fixes Beats Eavesdropping Flaw, DOT Ends Delta CrowdStrike Probe, AWS Continuum Updates

Anuj June 19, 2026
www.news4hackers.com-mastodon-4-6-introduces-profile-collections-and-two-factor-security-controls-mastodon-4-6-introduces-profile-collections-and-two-factor-security-controls-2

Cybercriminals Exploit GitHub, YouTube, and VirusTotal to Distribute Crypto-Stealing Malware

Anuj June 19, 2026
en_USEnglish
en_USEnglish