The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued a fresh alert warning WhatsApp users of a surge in sophisticated spyware and hacking attempts targeting both messaging accounts and mobile phones.
The advisory, released on Tuesday, December 2, 2025, urges millions of users worldwide to review their account security amid rising cyber-attacks linked to social engineering and malicious software. Read Full Article Here.
According to CISA, cybercriminals are now deploying advanced spyware designed to infiltrate WhatsApp accounts with the intention of gaining full control of user data.
Once they breach an account, hackers can install additional malware on the victim’s device, potentially compromising personal information, financial details, and sensitive conversations.
The agency notes that most of these attacks begin with deceptive tactics such as malicious links, harmful QR codes, fake mobile applications, and disguised app installations.
Also Read
- Just In: New Attacks On WhatsApp By Hackers Revealed, Here Is How To Avoid It
- Intern Teachers Disappointed After TSC Latest Circular To Them
- Natembeya Fires Salvos At Ruto After His Directive to Police IG, Reminds Him of Moi’s Final Days
- Kalonzo Explodes: Calls Gachagua’s Nairobi Power-Sharing Claims “Cheap Propaganda”
- Bad News For Sifuna As Details Emerges Of What Is Going To Happen To Him Soon
Some attackers also use persuasive social engineering strategies, tricking victims into sharing their one-time verification codes—an action that instantly transfers the account to the attacker’s device.
Forbes recently highlighted that this single mistake has become one of the most common ways hackers hijack WhatsApp accounts.
CISA emphasised that user vigilance remains the strongest defence. WhatsApp users are advised to avoid clicking unfamiliar links, refrain from downloading apps outside official app stores, and avoid opening suspicious attachments.
To strengthen account security, CISA recommends activating several in-app protection features. Users should enable two-step verification by navigating to WhatsApp Settings → Account → Two-Step Verification. This adds a mandatory security PIN that prevents unauthorised access.
The agency also urges users to add and verify their email address to ensure easy account recovery in case of a breach.
Additionally, WhatsApp’s recently introduced passkey feature allows users to set up an extra layer of security, making their accounts significantly harder to compromise.
The warning comes at a time when cyber threats targeting messaging platforms are increasing globally, with hackers seeking personal data, authentication codes, and financial information.
Meanwhile, WhatsApp continues to roll out new features to improve user experience. The platform recently announced Guest Chats, a feature that will allow communication between WhatsApp users and individuals using feature phones without the app installed.
The update aims to expand connectivity across diverse devices and improve accessibility.
As digital threats evolve, CISA reminds users that security begins with personal caution and consistent use of available protection tools.
About the Author
