Security researchers have identified two software vulnerabilities in WhatsApp that could be exploited by cybercriminals to launch social engineering attacks. The flaws, known as CVE-2026-23866 and CVE-2026-23863, were disclosed through Meta’s Bug Bounty program. While there is no evidence of real-world exploitation yet, experts urge users to update their app settings.
Malicious messages could potentially trick devices into opening content from unknown sources, emphasizing the importance of staying vigilant. WhatsApp has released an update to address these vulnerabilities and advises users to ensure they have the latest version installed for protection.
To safeguard their devices, Android users can update WhatsApp via the Google Play Store by searching for WhatsApp Messenger and selecting “Update.” Similarly, iPhone users can update the app by accessing the App Store, navigating to WhatsApp, and selecting “Update.”
In related news, older Android devices running versions prior to Android 6 may lose access to WhatsApp from September 8, 2026. Affected users could receive a notification indicating the app will no longer function on their devices. However, the impact is expected to be minimal as Android 6 is now outdated and rarely used on modern smartphones.