The 🇺🇸US Cybersecurity and Infrastructure Security Agency (CISA) has issued a national alert warning that cyber actors are using sophisticated targeting & social engineering techniques to deliver spyware & gain unauthorised access to victims’ mobile messaging apps. cisa.gov/news-events/alerts/…

⚠️@HennaVirkkunen promises to submit a list of #spyware companies that received 🇪🇺EU funding following our @FTM_eu investigation. 💡All applications, she said, are reviewed by a “multidisciplinary team of ethical experts.” 🎥 WATCH: youtu.be/SjSndVxMNXU?si=lYwB… Q: @daniel_freund

NEW: How former L3Harris Trenchant boss Peter Williams was able to steal zero-days worth millions of dollars, based on court docs and interviews with former colleagues. “No one had any supervision over [Williams] at all. He was kind of allowed to do things the way he wanted to.”

IOS 26.1 Security updates are now live and there are quite a few. support.apple.com/en-us/1256…

Unfortunately usually by the time the threat notification arrives, the attacker has already known for a while that they got caught and have already wiped their spyware and the evidence contained in logs ages off quickly, so minimal if any evidence left by the time analysis is performed. Only way to protect yourself and detect spyware is routine scanning, ideally daily, not post notification checks. The attacker can find out they were caught before threat notifications are sent due to a delay between when malicious messaging accounts (for sending 0-click exploit chains) or exploit/C2 infra is shutdown and the threat notifications are sent out. Shutting those down has a lower threshold than threat notifications so it happens right away at the start of the investigation giving attackers time to clean up their mess.

A decision by the Swiss Supreme Court has revealed an ongoing investigation by the 🇨🇭Office of the Attorney General into exports of #spyware to various countries in breach of Swiss export control laws. The investigation relates to the company Thalestris Switzerland. lexology.com/library/detail.…

🇺🇸US Immigration and Customs Enforcement (ICE) law enforcement arm Homeland Security Investigations (HSI) has signed a contract worth $3m with Magnet Forensics, a company that makes a phone-hacking & unlocking device called Graykey, writes @lorenzofb. techcrunch.com/2025/09/18/ic…

Mythical Beasts: Diving into the depths of the global spyware market #Cybersecurity buff.ly/etqPsMp

The 🇺🇸U.S. civil litigation discovery process has been known as a double-edged sword, allowing for extensive fact-finding while also imposing significant costs & risks. This dichotomy is especially true for #spyware litigation, writes @natynettle. justsecurity.org/118409/disc…

Great piece by @DavidKenner. Still wondering though—are their skincare products actually any good? #spyware icij.org/investigations/cypr…

forbes.com/sites/kateoflaher… It certainly does appear likely that the targeting was carried out directly by the Iranian government, as the victims held minimal to no strategic value for other nations. If so, it is highly improbable that the capabilities were developed internally. A more plausible scenario is that the spyware was obtained from a commercial vendor. Nations aligned with Iran are unlikely to share such sensitive tools, as doing so would risk operational exposure. If Iran’s use were to reveal the underlying vulnerabilities, they could be patched — rendering the associated multi-million dollar exploits worthless. No way Russia or China would risk their tools, thereby losing their own access to their own strategic targets, just to help Iran with regime security by targeting anti-regime activists.

The attacks mark the first known example of such highly advanced cyber-espionage tools being used both inside Iran and against Iranians living abroad. It’s not clear who was behind the attacks. bloomberg.com/news/articles/…

Mexico's attorney general launched a probe into allegations that the country's former president took bribes from businessmen looking to secure spyware contracts therecord.media/former-mexic…

FREE first advanced security scan — the same deep forensic spyware detection trusted by governments. Finds what other apps miss. No subscription. No trial. Just install, Sign in with Apple (Hide My Email supported), follow the instructions and scan. See the results in the app. apps.apple.com/app/id6468312… #FreeApp #PrivacyApp #iOSSecurity #AppDeals

Anyone else notice that #LockdownMode on #iOS as of late doesn't seem to be blocking new iMessages from new/unknown contacts? A few of our team members noticed that messages from new/unknown contacts are coming in and can be read and a few users have emailed us with this concern too. For some messages, the expected warning notification comes in (often hours later) saying Lockdown mode blocked the message, even though it did not, and for others, the message comes in unblocked with no notification. Still receiving the occasional notification of a blocked message that is actually blocked too. All other Lockdown Mode protections are still in place (we tested them), just not the inbound message filtering. Other iMessages ones, such as attachments being blocked, are still in place as well as the WebKit ones.

🇪🇺 EU Parliament to hold a plenary debate on the #spyware state-of-play next week in Strasbourg following a request by @GreensEFA.

Paragon says it “offered both the Italian government & parliament a way to determine whether its system had been used against the journalist," but since "Italian authorities chose not to proceed with this solution, Paragon terminated its contracts" haaretz.com/00000197-511f-dd…

Spyware maker NSO Group asked a federal judge to reduce the damages it owes to WhatsApp in a case involving 1,400 infected phones, or set up a new trial therecord.media/nso-group-ap…

Before everyone freaks out about Susie Wiles' (Trump's Chief of Staff) phone getting “hacked” — yes, it’s possible her phone was compromised... ...but far more likely: a third-party account with her contact info (like GMail) was breached due to classic password reuse or some other security issue. Still a problem for sure, but quite different than spyware being installed on her phone. Advanced threat actors don’t burn million-dollar iOS exploits by compromising a phone and then immediately using the contacts list on it to cause trouble. They go quiet, stay hidden, and collect intel for months or years. Don't forget to scan your iPhone with Am I Secure? to detect installed spyware. Available on the App Store. #BreakingNews #CyberSecurity #iPhoneHack #spyware