A recent zero-click attack has compromised the WhatsApp accounts of iPhone users in Italy running iOS 16, allowing attackers to send messages asking for money transfers without the users' consent or knowledge. An investigation by digital forensics firm Forenser found that no linked devices were visible in the app, indicating a sophisticated breach exploiting vulnerabilities like CVE-2025-43300 and CVE-2025-55177.
The attack involves session resynchronization between the legitimate device and the attacker’s client, leading to unauthorized access. Victims are urged to update iOS to the latest version to mitigate the risk, and to use features like chat locks to protect their accounts.