All articles tagged with #spyware
Google warns of Coruna—a suspected leaked US government tool—that uses 23 iPhone vulnerabilities to hijack devices, potentially via malicious Safari links; the spyware can spread globally through cybercriminals and affects iPhones on iOS versions 13 through 17.2.1, with guidance to update iOS or enable Lockdown Mode for protection.
Meta is rolling out 'Strict Account Settings'—a lockdown mode for WhatsApp that adds extreme privacy controls for high-risk users (e.g., journalists), including enforced two-step verification, blocking media/attachments from unknown senders, silencing unknown calls, hiding last seen/online status, restricting profile details, and more; the feature is activated from the main device and will roll out gradually, with a backend Rust migration to boost protection against spyware.
CISA has ordered U.S. federal agencies to patch a critical Samsung vulnerability (CVE-2025-21042) exploited since July 2024 to deploy LandFall spyware via WhatsApp, which can access extensive device data. Although Samsung patched it in April, ongoing exploitation prompted urgent security measures, with federal agencies required to fix the flaw by December 1. The spyware targets flagship Samsung devices and has potential links to international espionage activities, emphasizing the importance of timely updates.
A new Android spyware called Landfall exploited a zero-day vulnerability in Samsung Galaxy devices for nearly a year, enabling surveillance activities like call recording and data harvesting, primarily targeting Middle Eastern users. The campaign used sophisticated, targeted attacks likely linked to a well-resourced actor, possibly connected to the UAE government, though definitive attribution remains uncertain. Samsung patched the vulnerability in April, but related exploits continued to be observed until recently.
A security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver the LANDFALL spyware via WhatsApp, targeting users in the Middle East. The flaw, CVE-2025-21042, allowed remote code execution through malicious DNG images, leading to comprehensive data theft. Samsung patched the vulnerability in April 2025, but the attack highlights the ongoing threat of sophisticated exploits in the wild.
A Chrome zero-day exploited in Operation ForumTroll was linked to Italian spyware vendor Memento Labs, which developed the LeetAgent and Dante malware used in targeted attacks on Russian and Belarusian organizations. The campaign involved sophisticated phishing and browser exploits, with Memento Labs emerging as a successor to the notorious Hacking Team.
Meta Platforms successfully obtained a court order to block NSO Group, a spyware maker, marking a legal victory against surveillance technology misuse.
Apple has increased its bug bounty reward to $2 million for the most dangerous exploits that could be used for spyware, with the potential total reward reaching $5 million including bonuses, as part of its ongoing efforts to improve security and combat the spyware industry.
404 Media is suing ICE to force the agency to disclose details of a $2 million contract with spyware company Paragon, which can remotely access messaging apps on phones. The contract, reactivated after a White House freeze, raises concerns about civil rights abuses amid ICE's controversial immigration enforcement practices. Paragon's technology has been linked to government surveillance in multiple countries and has been used to target journalists and activists, prompting fears about its potential misuse in the U.S.
France's cybersecurity agency confirmed that Apple issued multiple security alerts in 2025 about sophisticated spyware campaigns targeting individuals, including journalists and officials, with no specific attribution provided. Users receiving these alerts are advised to contact CERT-FR and avoid device modifications to aid investigations.
Apple has notified several users in France that their devices were targeted by a spyware campaign, with the French cybersecurity unit confirming the alerts and indicating potential device compromise, though details on the number of victims and the spyware used remain unclear.
A new spyware malware automates sextortion by monitoring browsers for NSFW content, then capturing screenshots and webcam photos of victims, escalating the threat of cybercrime and privacy invasion.
US immigration agencies have gained access to Paragon Solutions' spyware, Graphite, a powerful tool capable of hacking into phones and encrypted apps, raising concerns over privacy and civil liberties amid ongoing debates about government surveillance and human rights.
Cybersecurity researchers report a shift in Android malware, with dropper apps now delivering SMS stealers and spyware instead of just banking trojans, using sophisticated methods to evade Google Play Protect and targeting users in Asia and Europe through malicious apps and ads, highlighting ongoing challenges in mobile security.
WhatsApp patched a zero-click vulnerability (CVE-2025-55177) exploited in targeted spyware attacks against Apple users, highlighting the increasing threat of sophisticated, no-user-interaction hacks that can compromise mobile devices, especially among journalists and activists.