Scammers Use TikTok and Instagram Reels to Spread Vidar Infostealer

ReversingLabs reveals how hackers exploit social media engagement metrics to deliver Vidar infostealer malware to thousands of unsuspecting users...

Free Spotify Premium hacks on social media are spreading infostealers

Short-form video platforms like TikTok and Instagram Reels have become the latest way cybercriminals spread malware. We've already seen attackers move away from traditional phishing emails and toward tactics that trick people into installing malware themselves. Now they're being lured with slick...

CVE-2026-23866

Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device, including triggerin...

CVE-2026-23866

Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device, including triggerin...

CVE-2026-23866

Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device, including triggerin...

EUVD-2026-26666

Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device, including triggerin...

CVE-2026-23866

Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigger processing of media content from an arbitrary URL on another user’s device, including triggerin...

CVE-2026-23866

CVE-2026-23866 affects WhatsApp for iOS and Android, in conjunction with Instagram Reels, where incomplete validation of AI-rich response messages could allow a user to trigger processing of media from an arbitrary URL on another user’s device, potentially invoking OS-controlled custom URL scheme...

Facebook WhatsApp 安全漏洞

Facebook WhatsApp is a suite of Android-based mobile applications from Facebook, Inc. in the United States that utilize the Internet to deliver text messages. The application uses the contact information in a smartphone to find contacts using the software to send texts, pictures, and more. A...

PT-2026-36500

Name of the Vulnerable Software and Affected Versions WhatsApp for iOS versions 2.25.8.0 through 2.26.15.72 WhatsApp for Android versions 2.25.8.0 through 2.26.7.10 Description Incomplete validation of AI rich response messages for Instagram Reels allows a user to trigger the processing of media...