In partnership with

Dear Sentinels

Wow, another bumper issue this week. First we have news from around the web, then we look at the ever-growing cybercriminal threat, and finally, and this is not overstating it, we look at the biggest account enumeration ever reported. Its target is none other than WhatsApp.

WhatsApp's end-to-end encryption kept message content safe, but a major flaw in its contact-discovery system allowed researchers to map 3.5 billion active accounts worldwide. That's billion with a B! Because the lookup endpoint applied no effective rate limiting, they could test phone numbers at enormous speed and harvest metadata for every registered one: public keys, timestamps and even device types. Message content was never at risk, but the study showed how metadata alone can reveal detailed user profiles and global usage patterns, even uncovering millions of WhatsApp users in countries where the app is officially banned!

Shoppers are adding to cart for the holidays

Over the next year, Roku predicts that 100% of the streaming audience will see ads. For growth marketers in 2026, CTV will remain an important “safe space” as AI creates widespread disruption in the search and social channels. Plus, easier access to self-serve CTV ad buying tools and targeting options will lead to a surge in locally-targeted streaming campaigns.

Read our guide to find out why growth marketers should make sure CTV is part of their 2026 media mix.

News from around the web

The Modern Cybercriminal Enterprise

Scale, Scope, and Rationale

Modern cybercrime has evolved from a niche technical threat into a significant and escalating global economic force. It functions as a highly profitable shadow industry, built on a foundation of anonymity.

The global financial and operational impact of cybercrime is staggering, as evidenced by recent data:

  • The estimated annual cost of cybercrime to the global economy is $6 trillion.

  • Cyberattacks increased by 38% worldwide and 26% in Europe.

  • Corporate Targeting Growth (Switzerland, 2022): Attacks specifically targeting businesses in Switzerland surged by 61%.

The core motivation driving this expansion is a simple risk-reward analysis. Cybercrime offers the potential for immense financial gain with a fraction of the personal risk associated with traditional criminal activities. The anonymity of the internet provides a shield, allowing threat actors to operate from anywhere in the world. This combination of massive potential rewards and lower risks has created a formidable and persistent threat. To execute their operations, these actors consistently leverage their most reliable method: exploiting human psychology.

Social Engineering as the Primary Attack Vector

Regardless of the sophistication of technical defences, the human user remains the most consistently vulnerable element in any security framework. Threat actors systematically exploit fundamental human emotions and weaknesses (trust, fear, urgency and ignorance) to bypass technological safeguards. The "technical support scam" is a classic example that preys on a user's lack of technical knowledge and fear of data loss:

  • The attack begins with a fake virus pop-up on the victim's computer, creating a sense of panic and urgency.

  • The scammer uses a localised VoIP phone number to create the illusion of a legitimate, nearby support service.

  • The victim is persuaded to grant the scammer remote access to their computer.

  • The attacker executes multiple fraudulent financial transactions, disguised as necessary payments for removing individual viruses.

Beyond direct scams, phishing remains the dominant initial access vector for more sophisticated attacks, initiating 80% of all cyberattacks. Its effectiveness is alarmingly persistent, even among individuals who have received security training. Data shows that up to 30% of awareness course attendees still click on malicious links, a testament to the continually evolving sophistication of phishing lures.

These varied tactics are deployed by a diverse ecosystem of threat actors, from solitary operators to highly structured criminal syndicates.

Corporate Structures and Ransomware Operations

Modern cybercrime has undergone a profound professionalisation. The most dangerous hacking gangs operate not as disparate groups of individuals, but as structured, business-like enterprises. They employ specialisation, division of labour, and even quality control, making their operations more efficient, scalable, and dangerous.

A typical organised cybercrime gang is structured with what can be described as separate business divisions, each responsible for a specific stage of the attack lifecycle:

  • Teams dedicated to creating and refining the malware used in attacks.

  • Specialists who identify vulnerable organisations by probing for security flaws.

  • Operational teams responsible for breaching networks, encrypting systems, and exfiltrating sensitive data.

  • Designated negotiators who manage communications with the victim to secure payment.

  • Groups that manage the post-payment process, ensuring the delivery of decryption keys to maintain the credibility of their ransom operation.

The devastating impact of this enterprise model is best illustrated by the textbook ransomware attack chain against SwissWindows. The attack began with a simple phishing lure, where a single employee clicking on a fake email was enough to paralyse the entire company. With all systems and backups infected, the company faced a ransom demand of around 1 million francs. Refusal to pay resulted in business-ending operational disruption, culminating in bankruptcy and the loss of nearly 200 jobs.

The attack on the town of Rolle demonstrates the common tactic of double extortion. After the town refused to pay the ransom, the hacking group Vice Society retaliated by publishing thousands of confidential documents on the Darknet. This tactic is designed to maximise pressure by adding public shame and regulatory risk to the pain of operational disruption. The leaked data included highly sensitive information on over 5,300 residents:

  • Names, addresses, and birthdates

  • Social security numbers

  • Credit card numbers

  • Signatures

  • Property ownership data

The impact of these attacks on businesses and municipalities is severe, but the threat escalates dramatically when these criminal enterprises turn their attention to critical infrastructure.

The Weaponisation of Attacks Against Critical Infrastructure

The threat to critical infrastructure, particularly the medical sector, represents a dangerous escalation in the cybercrime landscape. For threat actors, these targets are exceptionally valuable because their operational continuity is directly linked to human life. This creates immense pressure on victim organisations to pay ransoms quickly and without question.

The 2021 attack on Hillel Yaffe Hospital in Israel provides a real-world case study of this threat. The attack caused an immediate shutdown of all computer systems, forcing medical staff to revert to manual, paper-based processes from 30 years ago. Access to patient histories, surgical records, and other critical digital information vanished instantly.

However, the hospital's incident response demonstrated a path to resilience. In contrast to organisations that remain silent, Hillel Yaffe's management took several proactive steps:

  • They immediately disconnected all systems to contain the damage.

  • They made the news of the attack public, managing the narrative transparently.

  • They turned the crisis into a learning opportunity, inviting experts from other hospitals to observe the chaos first-hand and creating a textbook case for training purposes.

Strategic Implications and Defensive Imperatives

The evidence is clear: cybercrime is a persistent, professionalised, and highly adaptive threat. For security leaders and risk management professionals, a reactive stance is no longer viable. Prevention, preparedness, and resilience are the only effective long-term strategies. The divergent outcomes of the Rolle and Hillel Yaffe incidents offer critical lessons in the importance of a well-rehearsed incident response plan.

Incident Response Failure (Rolle)

  • Maintained initial silence, losing control of the narrative.

  • Resulted in a damaging media storm and public mistrust.

  • Communicated reactively only after data was leaked.

  • Suffered significant, long-term reputational damage.

Incident Response Success (Hillel Yaffe)

  • Disclosed the attack immediately, controlling the public narrative.

  • Transformed the crisis into a national training opportunity.

  • Collaborated with peer institutions to share lessons learned.

  • Contained the attack and maintained core operational continuity.

Based on the incidents and expert analysis presented, several defensive imperatives emerge for any organisation seeking to mitigate these threats:

  • Mandate proactive defence through adversary emulation: regular penetration testing is critical.

  • Given that humans are the primary attack vector, continuous staff training and digital awareness programs are essential. This is not a one-time compliance task but a continuous cultural imperative to build a security-minded workforce.

  • Victims must overcome the reluctance to report cybercrimes. The current 10-15% reporting rate creates a critical intelligence gap for law enforcement and the security community.

Ultimately, the strategic lesson is one of vigilance and acceptance. The digital world has removed traditional barriers, and every connection is a potential point of entry.

If you want to know more, click on these links: link 1; link 2; link 3; link 4; link 5; link 6.

Summary

The study shows that WhatsApp is highly vulnerable to large-scale phone number enumeration: the researchers were able to probe over a hundred million numbers per hour without encountering effective rate limiting or blocking. Using a novel method for generating candidate phone numbers and a reverse-engineered API, they collected 3.5 billion records of active accounts, a dataset from which macroscopic insights into the user population can be drawn.

Background

WhatsApp, serving as the world’s largest instant messaging service with 3.5 billion active accounts, holds a critical position in global communication. The platform allows users to discover contacts by querying servers with phone numbers, a design necessary for convenience that inherently enables phone number enumeration. Previous enumeration exploits have been successful, and this paper revisits the issue to demonstrate that WhatsApp remains severely vulnerable to large-scale abuse, contrary to expectations regarding rate-limiting defences. The purpose of this work is to reassess the threat, analyse the information revealed, and investigate the persistence of once-released data.
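The two safeguards the study found missing, a per-client rate limit on contact-discovery lookups and blocking of clients whose behaviour looks like blind enumeration, are easy to show in miniature. The following Python is an added illustrative example, not code from the paper, from WhatsApp or from Meta: a toy contact-discovery service that answers "is this number registered?" for a batch of numbers, plus a sequential enumerator run against it with and without the safeguards. The registered numbers, client names, limits and the enumerator's speed are constructed assumptions for the demonstration.

```python
"""Contact-discovery lookups with rate limiting and enumeration detection.

Added illustrative example, not code from the paper or from WhatsApp.
A toy contact-discovery service answers "is this number registered?"
for a batch of numbers, as the text describes, but adds two safeguards:
  (a) a sliding-window per-client rate limit, and
  (b) blocking of clients whose lookups are almost all misses, which is
      what blind enumeration looks like next to a real address-book sync.
The registered numbers, client names, limits and the enumerator's speed
are constructed assumptions for the demonstration.
"""
from collections import deque
from dataclasses import dataclass, field

# Constructed directory of registered E.164 numbers (no real subscribers).
REGISTERED = {"+41790000001", "+41790000002", "+41790000042",
              "+49151000000123", "+4915100000777"}


@dataclass
class ClientState:
    window: deque = field(default_factory=deque)  # timestamps of past lookups
    queried: int = 0
    hits: int = 0


class ContactDiscovery:
    def __init__(self, limit_per_window=1000, window_seconds=3600,
                 min_hit_rate=0.05, min_sample=200):
        self.limit = limit_per_window       # lookups allowed per client per window
        self.window = window_seconds
        self.min_hit_rate = min_hit_rate    # below this, after min_sample lookups, block
        self.min_sample = min_sample
        self.clients: dict[str, ClientState] = {}
        self.blocked: set[str] = set()

    def lookup(self, client_id, numbers, now):
        """Return {number: registered?} or raise if the client is limited/blocked."""
        if client_id in self.blocked:
            raise PermissionError("client blocked for enumeration behaviour")
        st = self.clients.setdefault(client_id, ClientState())
        while st.window and now - st.window[0] >= self.window:
            st.window.popleft()              # forget lookups older than the window
        if len(st.window) + len(numbers) > self.limit:
            raise RuntimeError("rate limit exceeded")
        result = {}
        for n in numbers:
            st.window.append(now)
            st.queried += 1
            hit = n in REGISTERED
            st.hits += hit
            result[n] = hit
        # A genuine address-book sync hits most of the time; sequential
        # guessing almost never does.
        if st.queried >= self.min_sample and st.hits / st.queried < self.min_hit_rate:
            self.blocked.add(client_id)
        return result


def run_enumerator(service, seconds=3600, batch=100, batches_per_second=3,
                   client_id="enumerator"):
    """Blind sequential enumeration of +4179xxxxxxx for `seconds` seconds.

    Returns how many numbers the service actually answered for. On a rate
    limit the enumerator waits for the next second; once blocked it gives up.
    """
    checked = 0
    for t in range(seconds):
        for _ in range(batches_per_second):
            numbers = [f"+4179{checked + i:07d}" for i in range(batch)]
            try:
                service.lookup(client_id, numbers, now=float(t))
            except PermissionError:
                return checked
            except RuntimeError:
                break
            checked += batch
    return checked


if __name__ == "__main__":
    unlimited = ContactDiscovery(limit_per_window=10**9, min_hit_rate=0.0)
    rate_limited = ContactDiscovery(limit_per_window=1000, min_hit_rate=0.0)
    defended = ContactDiscovery()             # rate limit plus hit-rate blocking
    print("no defences:      ", run_enumerator(unlimited), "numbers/hour")
    print("rate limit only:  ", run_enumerator(rate_limited), "numbers/hour")
    print("limit + detection:", run_enumerator(defended), "numbers/hour")
```

With no defences the toy enumerator, running at a modest 300 lookups per second, covers over a million numbers an hour; the real study reports more than a hundred million. A plain hourly cap reduces that to the cap, and the hit-rate check stops sequential guessing after a couple of hundred lookups while a legitimate client syncing its own contacts, whose queries are mostly hits, is never touched. In a production service the limit must be keyed to something the attacker cannot cheaply multiply (an authenticated account or attested device rather than an IP address), and the hit-rate threshold needs tuning against real sync traffic so that users in sparsely registered regions are not mistaken for enumerators.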

Use-case

The large-scale aggregation of retrieved account data allows for a detailed census of the WhatsApp user population, which can reveal meaningful and potentially revealing macroscopic insights. Since a registered number indicates an active device, the resulting lists are a reliable basis for spam, phishing, or robocall attacks. Furthermore, the collected data, including public keys and device metadata, enables researchers to analyse OS shares, account activeness, device age, and key re-use, potentially indicating fraudulent activity or insecure custom implementations. The ability to retrieve profile pictures at scale could also be used by malicious actors to construct a facial recognition–based lookup service, or "reverse phone book".

Ethics Considerations

The researchers acknowledged the privacy sensitivity of global phone number enumeration and maintained that empirical testing is the most reliable method for assessing the effectiveness of such attacks in real-world messaging applications, thereby highlighting the platforms' responsibility to implement the necessary safeguards. To minimise harm, all experiments were conducted from a single university server with the load increased gradually, so that the enumeration had no direct impact on end users, as every request terminated at WhatsApp's servers. Crucially, the gathered dataset containing any personally identifiable information (PII) was securely deleted before the paper's public release. The team engaged in a lengthy responsible disclosure process starting in September 2024, but despite repeated tickets detailing the missing rate limits and the potential for large-scale enumeration, Meta showed limited interest and delayed meaningful engagement until August 2025, when the researchers shared the final preprint.
