Qualcomm Addresses Zero-Day Flaws As X’s Encrypted Chat Sparks Concerns

The digital age, while connecting us globally, has also opened new frontiers for risk. Every tap, swipe, and click leaves a digital footprint, making strong cybersecurity not just an advantage but a necessity.

In the constant tug-of-war between innovation and exploitation, staying secure demands relentless vigilance and rapid adaptation to address emerging threat vectors. Recent headlines highlight the need to urgently identify and fix vulnerabilities before launching, as zero-day attacks scale. Plus, in the social media messaging landscape, encryption capabilities are in the spotlight, as poorly encrypted messaging platforms are raising more questions than ever.

So, let’s break down the latest updates from the world of cybersecurity!
 

Qualcomm Addresses Exploited Zero-Days In Mobile Chips

Chipmaker giant Qualcomm has recently issued crucial patches to address a series of vulnerabilities affecting dozens of its chips. Three of these are “zero-day” flaws — serious security bugs that the developer didn’t know about till they were exploited — might already be in use by hackers.

Google's Threat Analysis Group (TAG), renowned for investigating government-backed cyberattacks, was instrumental in bringing these zero-days to light.


Qualcomm cited TAG's findings, noting that the three flaws, identified as CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038, "may be under limited, targeted exploitation."

Google's Android security team reported these vulnerabilities to Qualcomm in February, initiating the process that led to the recent patches. Since Android is open-source, Qualcomm has shared the fixes, but each phone maker decides when to share the updates, so it might take a while to reach users.

This distributed patching process implies that some devices may remain vulnerable for several more weeks, even with patches readily available. Qualcomm stated in its bulletin that the patches "have been made available to [device makers] in May together with a strong recommendation to deploy the update on affected devices as soon as possible."

Notably, a Google spokesperson confirmed Pixel devices aren’t affected by these Qualcomm flaws, although TAG declined to share details about how the issues were found or used.

Dave Schefcik, a Qualcomm spokesperson, acknowledged the significance of these fixes, stating, "We encourage end users to apply security updates as they become available from device makers."

Hackers target mobile chipsets because they have deep access to the operating system, making it easier to steal sensitive data. Last year, Amnesty International found a Qualcomm zero-day flaw used by Serbian authorities, likely leveraging tools such as Cellebrite, highlighting the need for fast security updates.

This brings us to another hot topic in the world of security – how secure is "encrypted" messaging?
 

X's 'Encrypted' XChat Raises Questions

In an equally critical development in the realm of cybersecurity, Elon Musk's social media platform, X, has begun rolling out a new direct messaging feature dubbed "XChat."

Musk informally announced the feature on X, claiming it has a "whole new architecture," including encryption, vanishing messages, and advanced file-sharing capabilities.


Well, this announcement followed a temporary pause in messaging encryption by the platform, citing a need for "improvements."

However, Musk's pronouncements have been met with significant skepticism from encryption experts, largely due to vague technical details and some questionable claims.

Musk's tweet stated, "This is built on Rust with (Bitcoin style) encryption, a whole new architecture," a phrase that raised red flags.

As crypto news site Coindesk and various experts were quick to point out, the Bitcoin blockchain, while utilizing cryptography and digital signing, is not inherently encrypted.

The concept of "Bitcoin-style encryption" in the context of end-to-end messaging is a misnomer, leading many to doubt whether XChat truly offers the privacy people expect from secure messaging.

True end-to-end encryption (E2EE), as implemented by platforms like Signal and Meta-owned WhatsApp, ensures that messages are completely unreadable by anyone other than the sender and intended recipient, including the platform itself.

This key difference is what keeps others — including hackers or the service itself — from spying on your messages.

Unfortunately, it appears XChat may fall short of this standard. The updated help page for the service still carries a crucial warning: "Currently, we do not offer protections against man-in-the-middle attacks."

Furthermore, it explicitly states that X itself, "as a result of a compulsory legal process," could compromise so-called encrypted DMs without the awareness of either the sender or receiver.

This goes against true E2EE, where even the platform can’t read messages. According to X, messages are stored encrypted and decrypted only when received—but that’s the same as before, when it admitted it could still access them.

More concrete information will come to light once X releases the promised whitepaper and open-source code later this year.

Matthew Hodgson, co-founder and CEO of the encrypted messaging platform Element—used by highly secure organizations such as the U.S. military and NATO—expressed strong reservations, saying, "XChat looks to be just another centralized platform where users have zero control over their data."

He further criticized Musk's approach, stating, "Elon Musk says it's 'encrypted' but offers no technical transparency, no audits, no open source, just vague references to Bitcoin-style architecture."

As we rely more on digital platforms with each passing minute, it’s clear that robust, proactive cybersecurity matters more than ever. From hardware flaws needing urgent fixes to unclear claims on encryption, businesses need to take responsibility to create a secure digital ecosystem.

Do you think platforms should be more open about their security vulnerabilities?

Let us know your thoughts in the comments section below!