Tuesday , April 1 2025
Apple

Apple alerts 92 nations to mercenary spyware attacks

Apple warned users in 91 other countries about a possible “mercenary spyware attack”. Apple notified Reuters that the company found evidence of attackers attempting to remotely compromise iPhones.

Mercenary spyware attacks are rare but much more sophisticated than regular cybercriminal activity or malware, as stated in the email.

CVE-2025-1268
Patch urgently! Canon Fixes Critical Printer Driver Flaw

Canon has announced a critical security vulnerability, CVE-2025-1268, in printer drivers for its production printers, multifunction printers, and laser printers....
Read More
CVE-2025-1268  Patch urgently! Canon Fixes Critical Printer Driver Flaw

Within Minute, RamiGPT To Escalate Privilege Gaining Root Access

RamiGPT is an AI security tool that targets root accounts. Using PwnTools and OpwnAI, it quickly navigated privilege escalation scenarios...
Read More
Within Minute, RamiGPT To Escalate Privilege Gaining Root Access

Australian fintech database exposed in 27000 records

Cybersecurity researcher Jeremiah Fowler recently revealed a sensitive data exposure involving the Australian fintech company Vroom by YouX, previously known...
Read More
Australian fintech database exposed in 27000 records

Over 200 Million Info Leaked Online Allegedly Belonging to X

Safety Detectives' Cybersecurity Team found a forum post where a threat actor shared a .CSV file with over 200 million...
Read More
Over 200 Million Info Leaked Online Allegedly Belonging to X

FBI investigating cyberattack at Oracle, Bloomberg News reports

The Federal Bureau of Investigation (FBI) is probing the cyberattack at Oracle (ORCL.N), opens new tab that has led to...
Read More
FBI investigating cyberattack at Oracle, Bloomberg News reports

OpenAI Offering $100K Bounties for Critical Vulns

OpenAI has increased its maximum bug bounty payout to $100,000, up from $20,000, to encourage the discovery of critical vulnerabilities...
Read More
OpenAI Offering $100K Bounties for Critical Vulns

Splunk Alert User RCE and Data Leak Vulns

Splunk has released a security advisory about critical vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These issues could lead...
Read More
Splunk Alert User RCE and Data Leak Vulns

CIRT alert Situational Awareness for Eid Holidays

As the Eid holidays near, cybercriminals may try to take advantage of weakened security during this time. The CTI unit...
Read More
CIRT alert Situational Awareness for Eid Holidays

Cyberattack on Malaysian airports: PM rejected $10 million ransom

Operations at Kuala Lumpur International Airport (KLIA) were unaffected by a cyber attack in which hackers demanded US$10 million (S$13.4...
Read More
Cyberattack on Malaysian airports: PM rejected $10 million ransom

Micropatches released for Windows zero-day leaking NTLM hashes

Unofficial patches are available for a new Windows zero-day vulnerability that allows remote attackers to steal NTLM credentials by deceiving...
Read More
Micropatches released for Windows zero-day leaking NTLM hashes
        Source: Apple

Apple also specifically called out companies like NSO Group for developing commercial surveillance tools such as Pegasus that are used by state actors to pull off “individually targeted attacks of such exceptional cost and complexity.”

“Though deployed against a very small number of individuals — often journalists, activists, politicians, and diplomats — mercenary spyware attacks are ongoing and global,” Apple said.

“The extreme cost, sophistication, and worldwide nature of mercenary spyware attacks makes them some of the most advanced digital threats in existence today.”

TechCrunch reported that Apple sent threat notifications to iPhone users in 92 countries at 12:00 p.m. PST on Wednesday, alongside a revision to the support page.

Last month, the U.S. government announced that Finland, Germany, Ireland, Japan, Poland, and South Korea have joined a group of 11 countries working to develop protections against the misuse of invasive surveillance technology.

“Commercial spyware has been misused across the world by authoritarian regimes and in democracies […] without proper legal authorization, safeguards, or oversight,” the governments said in a joint statement.

Apple said, It threat notifications will never ask you to click any links, open files, install apps or profiles, or provide your Apple ID password or verification code by email or on the phone. To verify that an Apple threat notification is genuine, sign in to appleid.apple.com. If Apple sent you a threat notification, it will be clearly visible at the top of the page after you sign in.

All users should continue to protect themselves from cybercriminals and consumer malware by following best practices for security:

Update devices to the latest software, as that includes the latest security fixes

Protect devices with a passcode

Use two-factor authentication and a strong password for Apple ID

Install apps from the App Store

Use strong and unique passwords online

Don’t click on links or attachments from unknown senders

If you have not received an Apple threat notification, but have good reason to believe you may be targeted, you can enable Lockdown Mode on your Apple devices to help protect against highly sophisticated attacks. If you require emergency cybersecurity assistance for other reasons, we strongly suggest you enlist expert help. The Consumer Reports Security Planner website offers a list of emergency resources that may be able to assist you.

Apple has sent threat notifications multiple times a year since 2021. The company has informed users in more than 150 countries about this.

 

 

Check Also

OpenAI

OpenAI Offering $100K Bounties for Critical Vulns

OpenAI has increased its maximum bug bounty payout to $100,000, up from $20,000, to encourage …

Leave a Reply

Your email address will not be published. Required fields are marked *