The Meta-owned platform said on Monday that it had uncovered and stopped a series of spear-phishing attempts linked to NSO after receiving reports from users.

According to WhatsApp, the attackers tried to lure targets into clicking malicious links that directed them to websites outside the app.

“They tried to trick people into clicking on malicious links to drive them to external websites outside of WhatsApp,” the company wrote. “We also caught them creating test accounts and groups on WhatsApp, which we took down.”

WhatsApp said the operation shared similarities with another campaign uncovered in Jordan in 2024. In that case, victims who clicked malicious links were infected with Pegasus, NSO Group’s spyware.

Following its latest findings, Meta has asked a US federal court to hold NSO in contempt, arguing that the company breached a permanent injunction issued during a long-running case between both firms.

The court order stemmed from a 2019 hacking campaign in which more than 1,400 WhatsApp users were targeted through the platform. After discovering the breach, WhatsApp alerted affected users and filed a lawsuit against NSO.

A jury later ordered the spyware maker to pay $167 million in damages. That amount was subsequently reduced to $4 million.

The latest court filing is another chapter in an issue that has lasted several years and drawn attention to the high use of commercial spyware around the world.

NSO Group has been repeatedly cautioned over Pegasus, a surveillance tool capable of infiltrating mobile devices through so-called “zero-click” and “one-click” attacks. 

Investigations by journalists, security researchers and technology companies have linked the spyware to operations targeting journalists, activists, dissidents, human rights defenders and political opponents in several countries.

WhatsApp said it has continually exposed suspected spyware campaigns, notified victims and strengthened protections for users who may face a higher risk of digital surveillance.

Other technology companies, including Apple and Google, have also introduced additional security measures designed to help protect users from advanced spyware attacks.

Meta’s latest legal action has attracted support from civil society groups. A coalition of 12 civil rights organisations, privacy advocates and security researchers has filed court briefs backing the company’s position and urging the court to maintain pressure on NSO.

The spyware maker is also still under pressure from the US government. NSO is still listed on the US Commerce Department’s Entity List, a designation that restricts its access to American technology.

Washington has imposed similar measures on other spyware firms, including Intellexa and its founder.

In 2025, a group of US investors acquired NSO and began efforts to rebuild the company’s reputation while seeking the removal of US restrictions. However, the company remains on the Commerce Department blocklist.

The NSO Group did not respond to requests for comment on the latest allegations from WhatsApp.

The training, held at the Staff Clinic Hall, Alausa, Ikeja, was themed “Cybersecurity in 2026: Defending Against Modern Threats in a Digital Workplace.”

It brought together personnel from multiple MDAs to improve their understanding of emerging cyber risks and modern security best practices.

The programme focused on key cybersecurity threats expected to shape the digital landscape in 2026. These included artificial intelligence-driven attacks, deepfake-enabled fraud, advanced phishing schemes, ransomware, identity theft, cloud security risks, and supply chain compromises.

Participants were taken through interactive lectures, scenario-based discussions, case studies, and practical sessions aimed at improving their ability to identify, prevent, and respond to cyber threats in the workplace.

Speaking during one of the sessions, Mr Olabanji Soledayo, Strategic Partnership manager and Cybersecurity Awareness evangelist at ESET Nigeria highlighted the growing importance of human awareness in combating sophisticated cyberattacks and safeguarding digital work environments.

He noted that individuals within organisations are a critical line of defence as attackers rely more on social engineering and identity-based tactics.

He also commended the Lagos State Government for its continued collaboration with ESET in strengthening cybersecurity capacity across its institutions.

Technical sessions at the training covered areas including email security, endpoint protection, ransomware defence, threat detection, and modern cybersecurity practices relevant to government institutions.

Speaking at the event, Mr Kadri Shamusideen, deputy director, Ministry of Science and Technology emphasized the importance of cybersecurity awareness as government services continue to undergo digital transformation.

He added that as government operations become increasingly digitised, cybersecurity awareness has become a critical component of public service delivery.

While technology provides the necessary security controls, our employees remain the first line of defence against cyber threats. Continuous education and awareness are therefore essential in ensuring that staff can identify emerging threats and respond appropriately.

Mr Kadri described the training as timely and relevant, noting that cyber threats continue to evolve in complexity and sophistication, commending the impressive turnout of participants and the support received from various MDAs across Lagos State.

According to him, strategic collaboration between government institutions and cybersecurity industry leaders remains critical to strengthening national cyber resilience.

ESET Nigeria noted that the programme forms part of its broader commitment to helping organisations across Nigeria improve cyber resilience through awareness, education, and advanced cybersecurity solutions.

The company noted that as cybercriminals increasingly adopt artificial intelligence, social engineering techniques, and identity-based attacks, employee awareness remains one of the most effective defences against modern cyber threats.

The attack involved manipulating Meta’s AI support tool into resetting account credentials without properly verifying identity.

In some cases, attackers were able to take over accounts linked to the Obama-era White House Instagram page, beauty retailer Sephora, and a senior U.S. Space Force official.

The accounts were not breached through Meta’s core systems. Instead, hackers targeted the chatbot’s decision-making process, using what cybersecurity experts describe as prompt injection techniques, combined with VPN tools to mimic the location of the account holder.

Once inside the recovery flow, attackers reportedly asked the AI to link new email addresses to targeted accounts. The chatbot then sent verification codes to those emails. After that step, password resets followed.

A security researcher familiar with the incident described how quickly access could be lost and regained. Jane Manchun Wong, a former Meta employee whose account was affected, said in a post on X: “Quite concerning,”.

She also reported repeated password reset attempts and a brief lockout before regaining access.

Posts on social media showed users discussing similar takeovers. Some said they were locked out without warning, while others complained about the lack of human support during recovery.

Meta confirmed the issue had been addressed. Andy Stone, a spokesperson for the company, said: “This issue has been resolved and we are securing impacted accounts,”. In a separate response, he said claims that world leaders’ accounts were compromised were “totally false”.

One of the affected accounts linked to the Obama-era White House page briefly posted content before being recovered, according to reports by 404 Media. The page has been inactive since 2017.

Meta introduced the Instagram AI support chatbot in March 2026. It was designed to handle account recovery and reduce reliance on human support, an area where users have long complained about delays and limited access.

However, the incident has drawn attention to the risks of giving automated systems control over sensitive actions. Security specialists say the problem lies in how these tools are authorised.

Brian Westnedge, vice president for alliances and partnerships at cybersecurity firm Red Sift, said: “This is a foundational architecture failure. The model was given privileged actions without privileged access controls.”

He added that the situation reveals the pressure on Meta, which has cut staff while investing heavily in artificial intelligence systems.

Cybersecurity experts have also warned that the issue is not limited to one company. Prompt injection attacks have appeared in other systems since the rise of AI chatbots after 2022.

Cliff Steinhauer, director of information security and engagement at the National Cybersecurity Alliance, said: “The concern isn’t necessarily AI itself, but whether adequate safeguards exist around what the AI is authorised to do.”

Engin Kirda, a professor at Northeastern University, said attackers are now targeting systems rather than individuals. He noted: “In the past, people were targeted by scams. Now, we are seeing agents being targeted by scams.”

Meta shares fell by more than 5% after reports of the breach, as investors are concerned about the company’s AI spending plans, which are expected to reach up to $145 billion.

The company says it has secured affected accounts and patched the vulnerability. It has not provided further technical details on how the exploit was carried out.

Minister of Education, Tunji Alausa, announced the initiative on Thursday after meetings held during the Education World Forum 2026 in London.

The Federal Government said it would fully fund 36,000 training licences in the programme’s first year, removing the cost barrier for participants.

Training will cover Artificial Intelligence, Data Science, Cybersecurity, Cloud Computing and Software Engineering, while successful participants will earn certifications recognised by employers globally.

Alausa described the programme as one of the biggest government-backed digital skills investments in the country.

“On the sidelines of the Education World Forum 2026 in London, I signed a landmark partnership with @coursera to launch the Digital Training Academy (DTA), a major initiative designed to equip Nigerian youths with globally competitive digital skills.”

He added: “Through this programme, young Nigerians will receive world-class training in Artificial Intelligence, Data Science, Cybersecurity, Cloud Computing, Software Engineering and other high-demand digital fields, while earning globally recognised certifications valued by employers across the world.”

The minister said the programme supports President Bola Tinubu’s Renewed Hope Agenda, which places attention on youth development, innovation and workforce readiness.

“The Renewed Hope Agenda recognises that digital competency is no longer optional. It is foundational,” Alausa said.

“The Digital Training Academy is a direct investment in helping young Nigerians compete and lead in the global digital economy.”

According to the Ministry of Education, the programme will run in partnership with National Open University of Nigeria and Yaba College of Technology.

The government said NOUN would use its nationwide structure to give students across the country access to the programme, while YABATECH would provide technical support, facilitators and industry-focused mentorship.

“Access to training alone is not enough. What truly changes lives is completion, support and accountability,” Alausa stated.

Officials say the academy forms part of reforms introduced by the government to improve technical and vocational education.

In 2025, the Federal Government revised the Technical and Vocational Education Training curriculum, increasing the focus on practical learning with an 80:20 ratio in favour of hands-on training.

Nigeria also signed an agreement with China last year to strengthen vocational education through technical partnerships and practical training support.

The new academy arrives as demand for digital and AI-related skills increases globally. It also comes at a time when Nigeria faces high youth unemployment and underemployment, pushing more young people to seek technology-related careers and remote work opportunities.

The team led by Philemon Zoo Zame, director General of ART was received by Dr. Aminu Maida, the executive vice chairman of NCC, reflecting a growing trend of regional collaboration among African telecom regulators seeking to strengthen digital governance and improve industry performance.

The benchmarking engagement highlights Nigeria’s increasing influence in Africa’s telecommunications ecosystem, particularly in areas such as consumer protection, spectrum management, broadband expansion, and regulatory innovation.

Over the years, the NCC has emerged as one of the continent’s most referenced regulatory institutions, driven by reforms that have helped deepen mobile penetration and digital connectivity in Nigeria.

For Cameroon’s ART, the visit presents an opportunity to understudy regulatory frameworks and operational models that could support the growth of its own telecommunications sector amid Africa’s rapidly evolving digital economy.

Beyond institutional learning, the meeting also underscores the importance of cross-border cooperation in addressing common industry challenges, including cybersecurity, infrastructure deficits, quality of service, and emerging technologies such as 5G and artificial intelligence.

As African countries intensify efforts to build inclusive digital economies, stronger collaboration between regulators like the NCC and ART could play a critical role in shaping harmonised policies and accelerating regional digital transformation.

Officials said the framework aims to keep Lagos safe as the state expands its digital economy and implements its smart city plans.

The Commissioner for Information and Strategy, Gbenga Omotoso, said cyber risks are growing as more organisations move services online and rely heavily on digital systems.

He said Lagos, which is one of Africa’s busiest technology centres, now faces greater exposure to attacks targeting companies, financial services, e-commerce platforms and public institutions.

Noting figures from the National Information Technology Development Agency, Omotoso said Nigeria loses more than $500 million every year to cybercrime.

“This underscores the urgency for stronger, coordinated cybersecurity measures to protect businesses, institutions and residents,” he said.

According to the state government, the guidelines provide steps for small businesses, major companies and ministries, departments and agencies.

They include security checks to identify weak points, stronger login protection such as multi-factor authentication, regular software updates, secure data backups, staff training and phishing awareness exercises.

The framework also advises organisations to improve incident reporting and ensure they meet national legal requirements on data protection and cybercrime.

“The document reflects our proactive approach to safeguarding digital assets while enabling innovation and economic growth.

“These guidelines are not regulatory mandates but tools empowering stakeholders with actionable, context-specific recommendations,” Omotoso said.

Lagos said the new cybersecurity guidelines supports existing national laws and policies, including the Cybercrime Act 2024, the Nigeria Data Protection Act 2023 and the National Cybersecurity Policy and Strategy.

Officials stressed that the state guidelines are meant to complement federal regulations, not replace them.

Omotoso said a secure digital environment is necessary to encourage innovation, attract investment and maintain public trust.

He also commended the Lagos State Cybersecurity Advisory Council, chaired by Prof. Fene Osakwe, for leading work on the document.

He acknowledged support from Tubosun Alake, saying his contribution was important to delivering the project.

“A cyber secure Lagos is critical to sustaining its position as a globally competitive technology hub in the 21st century,” he said.

The state government added that it will continue reviewing the guidelines as threats change and new risks emerge, including ransomware and other advanced attacks.

Seeking to enhance trust, adoption and ensure money circulates within the country rather than being lost to foreign platforms, the Nigeria Internet Registration Association (NiRA) confirmed it has deployed DNSSEC across the .ng domain, meaning the country’s internet addresses can now be verified and protected against cyber attacks.

At the unveiling, Adesola Akinsanya, NiRA president, said the move is meant to stop attackers from redirecting users to fake websites, a growing risk as more services move online.

“The successful deployment and unveiling of DNSSEC on the ng domain represents a defining moment for Nigeria’s internet ecosystem,” the President said.

Described as a long-awaited fix to a weak point in Nigeria’s digital system, DNSSEC provides all round protection. The internet already translates website names into numerical addresses, but it was built on trust. However, that trust can be exploited.

DNSSEC adds a verification layer, confirming that when a user types a .ng website, they are reaching the real destination, not a fake one set up by criminals.

If attackers control a domain’s routing, they can redirect traffic without hacking the website itself. DNSSEC is meant to block that route.

“This achievement did not happen overnight. It is as a result of years of commitment, collaboration and shared vision,” Adebiyi Oladipo, vice chair, ICANN ccNSO said.

The DNSSEC has now been fully signed and is in a monitoring phase, with a gradual rollout planned for registrars and domain owners.

The upgrade puts Nigeria in line with global standards and strengthens trust in local digital services.

Adoption, the bigger problem

The conversation went beyond technology to the issue of Nigerians not using .ng enough. Awareness is low, hence, the media is key to changing that.

Billions still leaving the country

Beyond perception, the economic argument cannot be ignored. NiRA said Nigeria loses billions every year to foreign domain registration and hosting services, as businesses choose .com and host their platforms abroad.

That money, they argued, should stay in the country, especially as local data centres now have the capacity to handle large-scale hosting.

NiRA also confirmed plans to work with organisations like the Corporate Affairs Commission to tie business registration more closely to domain ownership.

What comes next

NiRA is now pushing for adoption, with banks, telecom firms, government agencies and e-commerce platforms being asked to enable DNSSEC and move fully into the .ng space.

“This unveiling is not just about technology; it is about building trust in Nigeria’s digital future,” Oluwaseyi Onasanya, the COO said.

GPT-5.4-Cyber is a version of OpenAI’s latest model adjusted for defensive security work and will not be widely available at launch. Instead, OpenAI is giving early access to selected security firms, organisations and researchers.

The release follows Anthropic’s recent launch of its own frontier model, Mythos. That system is being tested under a restricted programme known as Project Glasswing, where only approved groups can use it for cybersecurity tasks.

According to Anthropic, the model has already identified thousands of serious weaknesses across software systems.

OpenAI is taking a comparable route but with a wider rollout plan over time. The company is expanding its Trusted Access for Cyber programme, which it introduced earlier this year. This scheme verifies users before granting them access to more capable tools.

Under the updated structure, more individuals and teams will be admitted, but access depends on how much information they provide to confirm their identity and role. Those in the highest tier will be allowed to use GPT-5.4-Cyber.

The company said the model has fewer restrictions when handling sensitive tasks such as vulnerability research and code analysis. It is designed to support security professionals who need to examine software more deeply, including analysing compiled programmes without access to their source code.

At the same time, OpenAI is carefully monitoring how the system is used. Because the model allows more freedom, the company is limiting its release and adjusting safeguards as it learns from real-world use.

Tools like GPT-5.4-Cyber can be used for both defence and attack, OpenAI acknowledged that risk, noting that threat actors are already experimenting with artificial intelligence to find new ways into systems.

To manage that, the company said access will not just depend on the model itself, but on who is using it and for what purpose. Strong identity checks and clearer signals of intent are being built into the process.

The aim is to make security tools more widely available without opening the door to misuse. OpenAI said it does not want to decide centrally who gets to defend systems, but it still needs controls that can scale.

This latest release builds on earlier initiatives, including its cybersecurity grant programme and tools designed to scan and fix software vulnerabilities. The company said these systems have already helped address thousands of high-risk issues.

OpenAI expects both risks and benefits to grow, saying future models will likely require stronger protection, even as they provide more advanced support for those working to protect digital infrastructure.

According to AWS’s official status dashboard update, two facilities in the UAE were directly struck by drones, while one facility in Bahrain sustained physical damage from a nearby drone strike.

The company stated: “These strikes have caused structural damage, disrupted power delivery to our infrastructure, and in some cases required fire suppression activities that resulted in additional water damage.”

This marks one of the first publicly confirmed physical military attacks on a major hyperscale cloud provider’s infrastructure.

The incidents affected the AWS Middle East (UAE) Region (ME-CENTRAL-1) and the AWS Middle East (Bahrain) Region (ME-SOUTH-1), leading to outages and degraded performance for services including EC2, S3, DynamoDB, Lambda, and RDS.

AWS has described the recovery as prolonged and unpredictable due to ongoing regional instability.

Customers have been advised to activate disaster recovery plans and migrate workloads to other AWS regions where possible.

Impact on Businesses and Users

The attacks caused service interruptions for banks, delivery apps, government services, and enterprises across the Gulf that depend on these availability zones.

With data centres becoming strategic targets in modern conflicts, this incident highlights the physical vulnerabilities of cloud infrastructure, even for tech giants like Amazon.

AWS and local authorities have not reported casualties from the strikes.

For African businesses and developers heavily reliant on AWS; common for Nigerian fintechs, startups, and enterprises routing through global cloud providers, this serves as a reminder of geopolitical risks.

Experts recommend multi-region redundancy and regular failover testing to avoid similar disruptions.

Amazon has not released detailed images or extent of damage, citing security reasons.

Recovery efforts were reported as making progress in some areas, but full restoration timelines remain unclear.

The company said net income for the year reached $1.06 billion, up from $845.7 million in 2024. Earnings per share also climbed, with GAAP EPS rising 29% to $9.62.

In the fourth quarter alone, revenue came in at $745 million, a 6% increase year on year. Subscription revenue stood out, rising 11% to $325 million.

Check Point: Eight Key Trends Will Define Africa’s Cyber Security in 2026

Growth is not coming from one-off sales, it is being driven by recurring security subscriptions, which now account for a large share of total income.

The company also reported calculated billings of $2.9 billion for the full year, up 9%. Remaining performance obligations, which show future contracted revenue, reached $2.73 billion.

Chief Executive Officer Nadav Zafrir said: “We delivered solid fourth quarter and full year 2025 results, with revenue landing above the midpoint of our outlook and EPS exceeding expectations. Our performance remained resilient throughout the year, driven by continued customer adoption across our Hybrid Mesh Network and Workspace platforms.”

He added: “In 2026, our strategy is centred on securing our customers’ AI transformation across the enterprise. We are focused on executing against our four strategic pillars, Hybrid Mesh, Workspace, and Exposure Management, while embedding AI-driven security throughout our portfolio.

“Today’s announced acquisition of Cyata further expands our AI security stack, enabling full discovery, governance, and control of AI agents as organisations accelerate their AI journeys.”

Beyond earnings, the company moved to strengthen its product offering. It announced three acquisitions in early 2026, covering AI security, asset monitoring, and managed service platforms.

Cash reserves more than doubled during the year. Cash, marketable securities and short-term deposits rose to $4.34 billion from $2.78 billion. The increase followed proceeds from a $2 billion convertible notes offering.

At the same time, Check Point returned money to shareholders. It repurchased about 6.8 million shares in 2025 at a total cost of $1.4 billion.

Cash flow from operations also improved, reaching $1.23 billion for the year despite a one-off tax payment linked to prior years.

Check Point is growing steadily, with stronger revenue in 2025, thriving subscriptions, and a larger cash position in 2026.