CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 08, 2026

WhatsApp Disrupts NSO-Linked Cyberattack Targeting Users with Pegasus Spyware

Cybersecurity News Archived Jun 08, 2026 ✓ Full text saved

Meta’s WhatsApp has identified and disrupted a fresh wave of spear-phishing campaigns linked to NSO Group, the Israeli spyware firm blacklisted by the U.S. government, and is now asking a federal court to hold the company in contempt for violating a permanent injunction issued just last year. In May 2025, a U.S. federal jury ordered […] The post WhatsApp Disrupts NSO-Linked Cyberattack Targeting Users with Pegasus Spyware appeared first on Cyber Security News .

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security WhatsApp Disrupts NSO-Linked Cyberattack Targeting Users with Pegasus Spyware By Guru Baran June 8, 2026 Meta’s WhatsApp has identified and disrupted a fresh wave of spear-phishing campaigns linked to NSO Group, the Israeli spyware firm blacklisted by the U.S. government, and is now asking a federal court to hold the company in contempt for violating a permanent injunction issued just last year. In May 2025, a U.S. federal jury ordered NSO Group to pay $167,254,000 in punitive damages and $444,719 in compensatory damages to WhatsApp following a 2019 campaign that compromised approximately 1,400 users. That case which began when NSO exploited a buffer overflow vulnerability in WhatsApp’s VOIP stack to silently deliver Pegasus spyware resulted in a permanent injunction barring NSO from ever targeting WhatsApp and its users again. NSO’s history of defiance is well-documented; court filings revealed the firm continued developing exploits including malware vectors codenamed “Erised” and “Heaven” even after the original lawsuit was filed. WhatsApp’s latest investigation, triggered by user reports, uncovered NSO-linked accounts attempting to lure users into clicking on malicious external links, a classic 1-click phishing technique previously attributed to NSO Group. The campaign primarily targeted fewer than 10 users in Jordan and Lebanon, according to a Meta spokesperson, who confirmed no signs of successful device compromise were detected. WhatsApp also identified and took down test accounts and groups created by threat actors to stage the attacks. WhatsApp Disrupts NSO Attack WhatsApp is now petitioning the U.S. federal court to hold NSO in contempt of the permanent injunction, arguing that the renewed targeting activity constitutes a direct and willful violation of a binding court order. NSO’s own CEO has confirmed in court that the company actively seeks “vectors, or ways to access the phone” beyond WhatsApp — including browsers, operating systems, and third-party applications illustrating the persistent and expansive nature of its surveillance-for-hire operations. WhatsApp is not fighting this battle alone. In May 2026, 12 civil rights organizations filed amicus briefs in support of the permanent injunction against NSO’s appeal. WhatsApp has also made a significant financial contribution to the Spyware Accountability Initiative (SAI), a fund supporting forensic research organizations, advocacy groups, and user-support networks globally. Citizen Lab, a key technical partner since 2019, previously leveraged its spyware research to trigger an Apple security update protecting over a billion devices. Threat Indicators (IOCs) The following malicious domains have been confirmed as linked to NSO-associated phishing infrastructure. Users and defenders are urged to scan across all platforms — SMS, email, and messaging apps: Indicator Type Value Malicious Domain hxxps://ikhwancast[.]com Malicious Domain hxxps://ghazacast[.]com Malicious Domain hxxps://fr24cast[.]com Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments. Trending News Critical WP Maps Pro Vulnerability Allow Attackers to Create Administrator Account Kali365 PhaaS Operation Expands Beyond Microsoft 365 to Target Okta and MAX Messenger Windows Search URI Handler Flaw Leaks NTLMv2 Hashes to Attacker-Controlled Servers New Magecart Attack Turns Stripe into a Malware Command Server TP-Link Router Vulnerability Allows Attackers to Execute Arbitrary System Commands Latest News Cyber Security OWASP Releases AI Security Report to Empower Security Professionals with New Tools Cyber Security News Internet Explorer WebBrowser Control Attack Chain Turns Clicks Into RCE Cyber Security News Multiple VMware Stored XSS Vulnerabilities Allow Attackers to Inject Malicious Scripts Cyber Security News UniFi OS Server Critical RCE Chain Allows Root Access Without Credentials Cyber Security News Critical Redis RCE Vulnerability Enable Attackers to Gain Complete Control to Host Server
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 08, 2026
    Archived
    Jun 08, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗