Meta has presented a new security option in WhatsApp for people who, for their work or public visibility, can be the target of sophisticated digital espionage attacks. This is a way that restricts several app functions and raises barriers to attack vectors that often take advantage of apparently harmless interactions, such as messages or attachments of unknown senders.
The functionality, baptized as Strict Account Settings, recalls tools already known in other ecosystems, such as the Lockdown Apple Mode or Google Advanced Protection. In essence, Meta proposes to sacrifice some comfort to obtain a much stricter safety profile: when the mode is active, several settings are set in the most conservative option and the application limits the reception of content from people who are not on the contact agenda.
The practical consequences include the restriction of automatic downloads, the reduction of ways in which third parties can initiate communications and, according to the company, the silencing of calls from unrecognized numbers. They are measures aimed at cutting the pass to exploits that spread through multimedia files or links sent by adversaries who try to camouflage themselves as legitimate contacts.
Meta explains that the new alternative can be activated from the app itself: Settings > Privacy > Advanced, and that the implementation will be gradual over the next few weeks. While the firm does not want it to be a solution for all users - it is not necessary for the majority - it does recommend it for journalists, activists, officials or anyone who may be at greater risk for their public profile.
In parallel to this functionality, WhatsApp has announced a relevant technical initiative: the incorporation of programming language Rust in its media exchange infrastructure. The objective is to minimize vulnerabilities linked to memory management, a type of failure often exploited by advanced spyware.
By adopting Rust to develop a multi-platform bookstore called "wamedia," Meta states that it has achieved a safer and more efficient platform for processing photos, videos and other files that users share daily. Rust is known for its model of memory security in compilation time, which drastically reduces classic errors such as buffer overflows or already released memory access, problems that in C and C + + have generated serious historical gaps.
The company describes this initiative as one of the largest implementation of code written in Rust on a global scale within its products, and it is accompanied by a three-pronged approach to address the risks: design to limit the attack surface, strengthening the parts still written in C / C + + with greater security guarantees, and choosing languages with memory security for the new code whenever possible.
In addition to the use of Rust, Meta points out that it has applied techniques such as Control-Flow Integrity (CFI), hardened memory and APIs that handle buffers more safely. They are measures that, combined, form an in-depth defence strategy aimed at reducing the likelihood that an isolated failure will lead to a massive intrusion.
Such technical improvements are not an instant remedy to all threats, but they do mark an important trend in industry: to put memory protection and best security practices as pillars of development in applications that handle large-scale personal data. That an app with more than two billion users invest in these measures is relevant to the entire ecosystem.
If you are concerned about safety for your media or professional exposure, activating these options can be a good first step. However, it should be recalled that basic digital hygiene remains essential: to keep the operating system and apps up to date, to distrust links and files from unknown shipping and to complement protection with practices such as the use of safe passwords and verification in two steps.
For those who want to deepen the official ads, Meta has posted details on her corporate blog on the new strict account mode and Rust's deployment on the multimedia platform. You can see the WhatsApp privacy note on the platform's official blog Here. and technical explanation in the engineering blog of Meta Here.. Meta has also disseminated a statement on the initiative from its corporate site Here..
In short, the combination of more restrictive use adjustments for risk profiles and deep changes in the code base are signs that security on large platforms is evolving. There is no single solution to targeted espionage, but the measures announced by Meta represent concrete steps in the right direction to reduce attack vectors used by sophisticated actors.
18-year-old Ukrainian youth leads a network of infostealers that violated 28,000 accounts and left $250,000 in losses
The Ukrainian authorities, in coordination with US agents. They have focused on an operation of infostealer which, according to the Ukrainian Cyber Police, was allegedly adminis...
RAMPART and Clarity redefine the safety of IA agents with reproducible testing and governance from the start
Microsoft has presented two open source tools, RAMPART and Clarity, aimed at changing the way the safety of IA agents is tested: one that automates and standardizes technical te...
The digital signature is in check: Microsoft dismands a service that turned malware into apparently legitimate software
Microsoft announced the disarticulation of a "malware-signing-as-a-service" operation that exploited its device signature system to convert malicious code into seemingly legitim...
A single GitHub workflow token opened the door to the software supply chain
A single GitHub workflow token failed in the rotation and opened the door. This is the central conclusion of the incident in Grafana Labs following the recent wave of malicious ...
WebWorm 2025: the malware that is hidden in Discord and Microsoft Graphh to evade detection
The latest observations by cyber security researchers point to a change in worrying tactics of an actor linked to China known as WebWorm: in 2025 it has incorporated back doors ...
Identity is no longer enough: continuous verification of the device for real-time security
Identity remains the backbone of many security architectures, but today that column is cracking under new pressures: advanced phishing, real-time proxyan authentication kits and...
The dark matter of identity is changing the rules of corporate security
The Identity Gap: Snapshot 2026 report published by Orchid Security puts numbers to a dangerous trend: the "dark matter" of identity - accounts and credentials that are neither ...