Hello and welcome to the Wednesday, November 26, 2025 edition of the Sands and at Storm Center's Stormcast.

My name is Johannes Ulrich, recording today from Jacksonville, Florida.

And this episode is brought you by the sands.edu underwrite a certificate program

in cyber security fundamentals. And just as a reminder, this is the last podcast for this week,

given the Thanksgiving holiday coming up. This is published a quick announcement here that

they're seeing some attacks against messaging applications.

The attacks themselves are not new.

They're already sort of highlighting three different attacks here.

One is the use of QR codes, which sometimes can be used in order to trick a victim into adding an attacker's device to their account. And then, of course,

that attacker device does have access to your messages, even in some cases for end-to-end

encrypted applications. Also, the exploitation of bugs in the application itself. That's then sort of in some cases these very dangerous seroclic attacks.

I message, WhatsApp in the past, have been hit by these war on abilities.

And lastly, also, well, that's probably the hardest to defend against impersonation,

where someone is just claiming to be a different person in a messaging

app. So always be careful to verify who you are talking to. I just want to point out something

that isn't sort of explicitly stated here. They're talking about WhatsApp signal, signal in particular

being famous for its very robust end-to-end encryption. Just remember,

end-to-end encryption means that at the ends, the messages are still readable. So if the

attacker does have access to like a keystroke logger or the ability to take screenshots, then usually

that end-to-end encryption doesn't really do much, even if the application

is rather careful in how they're dealing with these messages on the end user system, like how

they're then encrypting them.

...