Yazılar

EU Considers Applying Tougher Content Rules to WhatsApp Under Digital Services Act

/in /tarafından

The European Union is considering making WhatsApp more accountable for tackling illegal and harmful content after the messaging platform crossed a key user threshold under the bloc’s digital regulations, a European Commission spokesperson said on Friday.

WhatsApp, owned by Meta Platforms, reported about 51.7 million average monthly active users for its WhatsApp Channels service in the European Union during the first six months of 2025. This exceeds the 45 million user threshold set by the EU’s Digital Services Act (DSA), potentially bringing the service under stricter regulatory oversight.

The DSA imposes tougher obligations on so-called “very large online platforms,” requiring them to take stronger action against illegal and harmful content. Platforms already designated under this category include Meta’s Facebook and Instagram, YouTube, TikTok, Temu and LinkedIn.

European Commission spokesperson Thomas Regnier said the Commission’s focus is on distinguishing between private messaging, which falls outside the scope of the DSA, and public-facing features such as WhatsApp Channels, which function more like social media platforms.

“The objective for the Commission is to check what is actually private messaging, which doesn’t fall under the scope of the DSA, and what are open channels that act more as a social media platform, which do fall under the scope of the DSA,” Regnier told a daily press briefing. He added that the Commission is actively examining the issue and did not rule out formally designating WhatsApp Channels under the DSA.

WhatsApp was not immediately available for comment.
If designated as a very large online platform, WhatsApp could face fines of up to 6% of its global annual revenue for breaches of the DSA.

More Than 56,000 WhatsApp Accounts Exposed by Malicious npm Package

/in /tarafından

A malicious package hosted on Node Package Manager (npm) has compromised more than 56,000 downloads by posing as a legitimate WhatsApp Web API library, allowing attackers to secretly access messages, media files, contacts and session credentials.

The package, identified by cybersecurity firm Koi Security, was published under the name lotusbail and masqueraded as a fork of the popular WhatsApp Web automation library WhiskeySockets Baileys, commonly used by developers to build bots.

According to researchers, the malware intercepts all incoming and outgoing messages by hijacking the legitimate WebSocket connection used by WhatsApp Web. It silently copies authentication tokens and session keys, while normal app functionality continues, making the attack difficult to detect.

Stolen data is encrypted using a custom RSA implementation before being exfiltrated, helping the malware evade network monitoring tools. The package also includes functionality to secretly link an attacker’s device to a victim’s WhatsApp account, granting persistent access to conversations.

Security experts warn that uninstalling the npm package removes the malicious code but does not automatically unlink the attacker’s device. Users are advised to manually review and remove unknown linked devices in WhatsApp’s settings to fully secure their accounts.

Verificación en dos pasos: cómo activarla en WhatsApp, Instagram y TikTok para proteger tus cuentas

/in /tarafından

Las redes sociales se han convertido en uno de los principales objetivos de los ciberdelincuentes. Cada día se reportan miles de casos de cuentas hackeadas en Instagram, Facebook o TikTok. Una de las formas más eficaces de evitarlo es activar la verificación en dos pasos o autenticación en dos factores (2FA), un sistema que añade una capa extra de seguridad.

Con este método, para acceder a una cuenta no basta con la contraseña: también es necesario un segundo paso de identificación, como recibir un código en el móvil o usar una app de autenticación. Así, incluso si alguien descubre tu contraseña, no podrá iniciar sesión sin ese segundo factor.

Cada plataforma ofrece opciones diferentes. En WhatsApp, la función se activa en Ajustes → Cuenta → Verificación en dos pasos. Solo hay que crear un PIN de seis dígitos y, opcionalmente, añadir un correo electrónico para recuperarlo en caso de olvido.

En Instagram, la opción está en Centro de cuentas → Contraseña y seguridad → Autenticación en dos factores, donde se puede elegir recibir el código por SMS, WhatsApp o una app de autenticación. En TikTok, se accede desde Ajustes y privacidad → Seguridad → Verificación en dos pasos, con tres métodos posibles: SMS, correo electrónico o aplicación.

Los expertos recomiendan usar siempre una app de autenticación (como Google Authenticator, Authy o Microsoft Authenticator) en lugar de SMS, ya que los mensajes pueden ser interceptados mediante ataques de duplicado de SIM.

Si pierdes el móvil, podrás recuperar tus cuentas si tenías configurados métodos de respaldo, como correos alternativos o códigos de recuperación guardados. Si no los tienes, deberás contactar con el servicio técnico y verificar tu identidad.

Además, conviene revisar las sesiones activas en tus redes, cerrar las desconocidas y mantener las contraseñas actualizadas con la ayuda de un gestor de contraseñas seguro.