Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Apple mercenary spyware targeting campaign

Campaign
First reported
Last updated
Happening score
H score 53
2 unique sources, 2 articles

Summary

Hide ▲

Apple and CERT-FR identified an ongoing mercenary spyware campaign that triggered at least four threat notifications since the start of 2025, showing repeated attempts to compromise targeted users. The operation is aimed at high-value people such as journalists, lawyers, activists, politicians, senior officials, and strategic-sector managers. The attacks are described as highly sophisticated and often use zero-day vulnerabilities or no user interaction, making silent compromise more likely. Apple says a notification can mean at least one linked device was targeted and is potentially compromised.

Related Happenings

Bitter Middle East spear-phishing campaign targeting civil society figures

Campaign
First: 09.04.2026 13:45 Last: 09.04.2026 13:45 Sources 1

About this happening: A **spear-phishing campaign** targeted **civil society figures in Middle Eastern countries**, including **three journalists in Egypt and Lebanon**, creating account-compromise ris...

Open Happening

Coruna watering-hole and fake-site exploitation campaign

Campaign
First: 26.03.2026 13:07 Last: 26.03.2026 13:07 Sources 1

About this happening: A suspected **Russia-aligned nation-state actor** is using **Coruna** in **watering-hole attacks in Ukraine** and a **mass exploitation campaign**, expanding the kit’s abuse beyon...

Open Happening

DarkSword operators phishing and watering-hole campaign

Campaign
First: 18.03.2026 23:15 Last: 18.03.2026 23:15 Sources 1

About this happening: **DarkSword** operators ran a **cross-border phishing and watering-hole campaign** using an **iPhone exploit chain** against users in **Saudi Arabia** and **Ukraine**, with additi...

Open Happening

UNC6353 and UNC6691 Coruna iOS exploit campaign

Campaign
First: 04.03.2026 21:06 Last: 04.03.2026 21:06 Sources 1

About this happening: The **Coruna** iOS exploit campaign spread through **watering-hole** and **fake finance/crypto** lures, extending reach from **iPhone users** to **crypto users**. **UNC6353** used...

Open Happening

Coruna iOS mass exploitation wave

Exploitation Wave
First: 04.03.2026 15:28 Last: 04.03.2026 15:28 Sources 1

About this happening: The **Coruna** exploit kit marks the **first observed mass exploitation against iOS devices**, shifting risk from highly targeted spyware to **broad deployment** against **iPhone...

Open Happening

Timeline

  1. 11.09.2025 22:02 1 articles · 8mo ago

    Apple threat notification sent on March 5, 2025

    Initial Disclosure

    Apple sent a threat notification on March 5, 2025, to phone numbers and email addresses associated with Apple accounts, warning that a linked device had been targeted by mercenary spyware attacks.

    Show sources
    Open in new tab
  2. 11.09.2025 22:02 1 articles · 8mo ago

    Apple threat notification sent on April 29, 2025

    Initial Disclosure

    Apple sent a threat notification on April 29, 2025, to phone numbers and email addresses associated with Apple accounts, warning that a linked device had been targeted by mercenary spyware attacks.

    Show sources
    Open in new tab
  3. 11.09.2025 22:02 1 articles · 8mo ago

    Apple threat notification sent on June 25, 2025

    Initial Disclosure

    Apple sent a threat notification on June 25, 2025, to phone numbers and email addresses associated with Apple accounts, warning that a linked device had been targeted by mercenary spyware attacks.

    Show sources
    Open in new tab
  4. 11.09.2025 22:02 2 articles · 8mo ago

    Apple threat notification sent on September 3, 2025

    Initial Disclosure

    Apple sent a threat notification on September 3, 2025, to phone numbers and email addresses associated with Apple accounts, warning that a linked device had been targeted by mercenary spyware attacks.

    Show sources
    Open in new tab
  5. 11.09.2025 22:02 2 articles · 8mo ago

    CERT-FR says Apple issued repeated mercenary spyware notifications in 2025

    Campaign Scope Update

    CERT-FR said Apple had issued at least four threat notifications since the start of 2025, and that the notifications described highly sophisticated mercenary spyware attacks that often use zero-day vulnerabilities or require no user interaction; Apple also tied related context to emergency updates for CVE-2025-43300 and CVE-2025-55177 and advised targeted users to enable Lockdown Mode and request rapid-response emergency security assistance through Access Now's Digital Security Helpline.

    Show sources
    Open in new tab