Amnesty International said one user of the spyware targeted a staff member past year in Saudi Arabia - saying NSO's Pegasus surveillance tool was used to hijack the staffer's smartphone.
WhatsApp said that the vulnerability was discovered this month, and that the company quickly addressed the problem within its own infrastructure.
The company told the paper: "Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is exclusively operated by intelligence and law enforcement agencies". "We have briefed a number of human rights organizations to share the information we can and to work with them to notify civil society".
WhatsApp was targeted by an "advanced cyber actor" which exploited a major vulnerability in the messaging app to install spyware.
The vulnerability leveraged a bug in WhatsApp's audio call feature, facilitating the installation of spyware on the device being called whether the call was answered or not.
The Financial Times reported Israeli security firm NSO Group developed the attack and sold spyware, which can control smartphones, their cameras and effectively turn them into surveillance devices.
Human rights group Amnesty International has launched legal action to stop NSO Group from selling its spyware, claiming that Pegasus has been "linked to attacks on activists and journalists in Saudi Arabia, Mexico and the United Arab Emirates". One researcher believes that the weekend patch may have prevented the attack from going through.
"WhatsApp have today announced a vulnerability that could have allowed users' phones to be compromised", an NCSC spokesman said.
NSO Group said in a statement: "NSO's technology is licensed to authorised government agencies for the sole goal of fighting crime and terror".
WhatsApp users must update to the latest version of the app to avoid be infected by malicious software.
Encrypted messaging apps should never be considered secure, experts have warned, after a flaw in WhatsApp allowed attackers to spy on activists.
It's not immediately clear how numerous app's 1.5 billion users were affected but a WhatsApp spokesperson told the Financial Times that "a number in the dozens would not be inaccurate". Or, you can just visit the app store on your phone and update it manually and immediately.