Apple has issued a fresh warning after mercenary spyware attacks were detected targeting its users across multiple regions, according to France’s national cybersecurity agency, CERT-FR. The alerts, which began early this year, highlight the growing threat of sophisticated spyware campaigns that require little or no interaction from the victim.
Spyware Attacks Increasing in Frequency
CERT-FR confirmed that Apple has sent at least four separate threat notifications in 2025 — on March 5, April 29, June 25, and September 3 — alerting targeted users that their devices may have been compromised. The notifications were sent to the phone numbers and email addresses associated with the users' Apple IDs, and also appeared prominently when those users logged into their iCloud accounts.
These attacks are not random. According to CERT-FR, they are highly targeted operations aimed at journalists, lawyers, political figures, human rights activists, and executives in critical industries. The attackers frequently use zero-day vulnerabilities, which are flaws unknown to software vendors, making them especially dangerous and difficult to defend against.
How the Attacks Work
The spyware campaigns identified by Apple and CERT-FR often involve zero-click exploits, where a victim does not even need to click a malicious link for the infection to occur. Last month, Apple released emergency patches addressing a zero-day flaw (CVE-2025-43300), which was chained with a WhatsApp zero-click exploit (CVE-2025-55177). This combination allowed attackers to remotely compromise devices with little effort.
WhatsApp separately urged users to reset devices to factory settings and maintain updated operating systems to prevent further compromise. Apple echoed this, recommending that targeted individuals enable Lockdown Mode, a feature that limits potential attack surfaces on iPhones and other Apple devices.
Apple’s Global Security Response
Since 2021, Apple has been issuing threat notifications multiple times a year, warning users in over 150 countries about ongoing spyware campaigns. While Apple has not attributed these attacks to specific groups or nations, cybersecurity experts believe that mercenary spyware vendors — companies that sell advanced hacking tools to governments or private entities — are behind many of these operations.
Apple also recommends that individuals who receive a threat notification seek immediate assistance from organizations like Access Now’s Digital Security Helpline, which provides emergency cybersecurity support to those under attack.
Why This Matters
The rise in mercenary spyware represents a serious escalation in digital threats, especially as such tools are increasingly used against civil society, press freedom advocates, and political opposition groups. Unlike traditional malware, these advanced tools can silently harvest data, track communications, and compromise sensitive networks.
Conclusion
Apple’s repeated threat notifications underline a stark reality: no device, no matter how secure, is immune from sophisticated spyware campaigns. For users in sensitive positions, enabling Lockdown Mode, updating devices regularly, and leveraging professional cybersecurity support are critical steps in reducing risk. As mercenary spyware becomes more widespread, the need for constant vigilance and rapid response is greater than ever.





