spyware

CISA: Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042)

November 11, 2025

CISA has added CVE-2025-21042, a vulnerability affecting Samsung mobile devices, to its Known Exploited Vulnerabilities (KEV) catalog, and has ordered US federal civilian …

Italian-made spyware Dante linked to Chrome zero-day exploitation campaign

October 28, 2025

CVE-2025-2783, a Chrome zero-day vulnerability that was detected being exploited in March 2025 and was subsequently fixed by Google, was used by unknown attackers to deliver …

ProSpy and ToSpy: New spyware families impersonating secure messaging apps

October 2, 2025

ESET researchers have found two Android spyware campaigns aimed at people looking for secure messaging apps such as Signal and ToTok. The attackers spread the spyware through …

iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200)

June 13, 2025

A zero-click attack leveraging a freshly disclosed Messages vulnerability (CVE-2025-43200) has infected the iPhones of two European journalists with Paragon’s Graphite …

44% of the zero-days exploited in 2024 were in enterprise solutions

April 29, 2025

In 2024, threat actors exploited 75 zero-days – i.e., vulnerabilities previously unknown to vendors, thus without a readily available patch – in a wide variety of …

Serbian government used Cellebrite to unlock phones, install spyware

December 16, 2024

Serbian police and intelligence officers used Cellebrite forensic extraction software to unlock journalists’ and activists’ phones and install previously unknown …

How widespread is mercenary spyware? More than you think

December 4, 2024

A targeted hunt on 2,500 mobile devices for indicators of compromise associated with mercenary spyware has revealed that its use is not as rare as one would hope. The results …

GuardZoo spyware used by Houthis to target military personnel

July 9, 2024

Lookout discovered GuardZoo, Android spyware targeting Middle Eastern military personnel. This campaign leverages malicious apps with military and religious themes to lure …

Zero-day exploitation surged in 2023, Google finds

March 28, 2024

2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImagelO) and drivers (Mali GPU, …

The fight against commercial spyware misuse is heating up

February 7, 2024

Though there are organizations out there investigating how commercial spyware is misused to target journalists, human rights defenders and dissidents, the growing market …

Kaspersky releases utility to detect iOS spyware infections

January 17, 2024

Kaspersky’s researchers have developed a lightweight method to detect indicators of infection from sophisticated iOS spyware such as NSO Group’s Pegasus, …

Apple fixes 3 zero-day vulnerabilities exploited to compromise iPhones

September 22, 2023

Apple has released updates for iOS and iPadOS, macOS, watchOS, and Safari to fix three zero-day vulnerabilities (CVE-2023-41992, CVE-2023-41991, CVE-2023-41993) exploited …