This week, Apple sent alerts to people around the world, warning them that their iPhones may have been targeted by state-sponsored surveillance tools. So far, two people have shared that they received these warnings. The first is Ciro Pellegrino, a journalist from Italy who works with the news website Fanpage. He said Apple contacted him on Tuesday through both email and text message, saying he had been targeted by spyware. The message also mentioned:

“Today’s notification is being sent to affected users in 100 countries.”

Pellegrino confirmed the alert in an article and wrote:

“Did this really happen? Yes, it is not a joke.”

The second person is Eva Vlaardingerbroek, a Dutch political activist. On Wednesday, she posted on X (formerly Twitter) with a screenshot of the message from Apple. It said:

“Apple detected a targeted mercenary spyware attack against your iPhone. This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning. Please take it seriously.”

Reacting to the alert, Vlaardingerbroek said the spyware attempt was:

“an attempt to intimidate me, an attempt to silence me, obviously.”

Apple didn’t name which spyware or campaign was responsible, and has not yet responded to requests for comment. This isn’t the first time Apple has sent out such warnings. Last year, Apple also notified users in dozens of countries that their devices had been targeted by similar spyware. The spyware used in such attacks is often called “mercenary spyware”, because it’s developed by private companies and then sold to governments. Pellegrino is now the second Italian journalist this year to get such a warning.

Back in February, messaging app WhatsApp told Francesco Cancellato, another Fanpage journalist, that his phone had been attacked by spyware. WhatsApp said:

“interrupted the activities of a spyware company which we believe attacked your device.”

That spyware was linked to Paragon Solutions, a company based in Israel. Digital rights group Citizen Lab, known for investigating spyware cases, confirmed that they are looking into the WhatsApp attacks.

After Cancellato went public, two more Italians working with Mediterranea Saving Humans, an NGO that helps rescue immigrants, also reported being targets of Paragon spyware. Following these revelations, Paragon reportedly cut ties with its Italian government client.

What is Mercenary Spyware?

Mercenary spyware is commercial surveillance software developed by private companies (like NSO Group or Paragon Solutions) and sold to governments or law enforcement agencies. It is usually used to monitor individuals involved in journalism, activism, legal work, and political affairs. The most well-known example is Pegasus spyware developed by NSO Group, which can infect devices without any user interaction (zero-click attacks).

How Does Apple Detect These Threats?

Apple uses advanced threat detection algorithms, internal telemetry, and external security research (like Citizen Lab) to monitor unusual activity patterns on devices. When suspicious patterns linked to known spyware are detected, Apple sends “Threat Notification” alerts to affected users.

What Should You Do If You Receive a Threat Notification?

If you receive such a message:

  • Do not ignore it.
  • Immediately update your iPhone to the latest iOS version, as Apple regularly patches known vulnerabilities.
  • Enable Lockdown Mode (introduced in iOS 16), which provides extreme protection for high-risk individuals.
  • Contact cybersecurity experts or groups like Citizen Lab or Access Now’s Security Helpline for further assistance.

Why Is This Important for the Public?

Even if you are not directly targeted, this highlights:

  • The growing threat of digital surveillance worldwide.
  • The potential misuse of surveillance technologies by state actors.
  • The importance of digital rights, transparency, and privacy protections in today’s connected world.