Apple Sends Spyware Threat Alerts to Users in 100 Countries

 

Apple has issued threat notifications to users across 100 countries, warning them that their devices may have been targeted by sophisticated commercial spyware. The alerts, sent earlier this week, were confirmed by at least two recipients, including Italian journalist Cyrus Pellegrino and Dutch political commentator Eva Vlaardingerbroek.  

Pellegrino, a reporter with Fanpage, disclosed receiving the warning in a column published on Wednesday. He suggested that the attempted breach could be related to a wider wave of attacks involving Paragon spyware detected by WhatsApp earlier this year. 

His colleague, Fanpage editor Francesco Cancellato, had also previously been targeted with the same spyware after publishing investigations critical of Italy’s ruling far-right party, Brothers of Italy, led by Prime Minister Giorgia Meloni. 

Although the exact spyware used in these latest incidents remains unconfirmed, Pellegrino noted similarities with the Paragon-linked attacks. The WhatsApp security team had identified around 90 such cases in January, many involving individuals known for criticising Meloni’s government. Meloni has denied any association with the surveillance activity. 

In a post on X (formerly Twitter), Vlaardingerbroek confirmed receiving Apple’s notification but said she had no information about who might be behind the intrusion attempt. “Someone is trying to intimidate me,” she wrote, adding, “It won’t work.” Apple’s notification to victims warned that the attackers were likely targeting them because of “who you are or what you do.” 

The company said it had “high confidence” in its findings, though it did not attribute the attacks to any specific actor or region. Apple has issued similar warnings periodically since 2021 as part of its broader threat detection program. According to a recent blog post by the company, users in over 150 countries have been notified of such threats to date. The blog post described these spyware attacks as some of the most advanced digital threats currently in existence due to their global reach, high cost, and technical complexity. Apple did not respond to media queries regarding the latest round of notifications. 

In his article, Pellegrino described the chilling moment he received the alert. Concerned about being monitored, he immediately signalled his wife to stay silent and placed his phone in a microwave—a commonly cited makeshift method for blocking signals—before discussing the alert. He warned about the intrusive nature of such surveillance software, which can operate without any interaction from the target.  
“From the moment the phone is infected, the spyware operator has full access to the device, can read, see, and download everything,” he wrote. “Phones are the black boxes of our existence.” 

The revelations come amid growing concerns over the use of commercial spyware by state and non-state actors, with journalists, activists, and political opponents often among the primary targets.

Infamous Hacker IntelBroker Breaches Apple's Security, Leaks Internal Tool Source Code

 

A prominent threat actor known as IntelBroker, notorious for orchestrating several high-profile data breaches, has now set its sights on Apple.

The hacker successfully leaked the company’s source code associated with several internal tools, announcing this development through a post on the dark web.

According to reports from IntelBroker, the iPhone maker experienced a significant security breach, leading to this exposure. The threat actor claims to have obtained the source code for various internal tools, including AppleConnect SSO and AppleMacroPlugin.

While details about these tools are scarce, it is known that AppleConnect SSO is a system used for authentication, allowing employees to access specific applications within the network.

These systems are integrated with the company's database, providing a secure form of access to its resources. Within iOS, apps launched by employees can use AppleConnect SSO for login purposes, where users set up patterns instead of passcodes for easier access.

The threat actor has not provided further details, but it is speculated that this data might be for sale, although this remains unconfirmed. Importantly, such breaches are localized internally and do not affect the company’s customer data.

A source familiar with these matters noted that dark web forums have strong vetting processes to filter out scammers attempting to sell leaked content. However, IntelBroker has managed to navigate these processes and has a reputation for successfully doing so.

This group has a history of hacking attempts, including attacks on American governmental institutions and websites, demonstrating its capabilities. Apple has yet to release a statement regarding this breach and the theft of its source code.