Two of the world’s largest tech companies—Apple and Google—have issued fresh warnings to users across the globe, revealing that a large-scale wave of sophisticated hacking campaigns is actively targeting individuals in more than 150 countries. The alerts, delivered just days apart, highlight a growing surge in state-backed and commercial spyware operations capable of compromising devices without any user interaction.
The warnings center on dangerous surveillance tools, including the notorious Predator spyware developed by the Intellexa consortium—a vendor that has been sanctioned by the U.S. government and repeatedly linked to high-level cyber intrusion incidents.
Apple Sends New Round of Global Threat Notifications
On December 2, Apple dispatched its latest batch of security threat notifications to individuals it believes are being targeted by government-backed actors. These alerts have become part of Apple’s ongoing strategy to warn users when it detects signs of highly sophisticated attacks—particularly those engineered to compromise iPhones through undisclosed security vulnerabilities.
Apple declined to specify which governments or groups were behind the newest wave of attacks and did not confirm the total number of affected users. However, the company emphasized that the scale is unprecedented. According to the notification, Apple has now issued alerts in more than 150 countries, demonstrating how widely distributed these espionage efforts have become.
Apple’s warnings are traditionally sent only in cases involving exceptionally advanced threats—often involving spyware designed to bypass device protections and install itself silently. The messages typically advise users to take immediate steps to secure their accounts and devices, including enabling Lockdown Mode, updating software, and remaining alert to unusual prompts or links.
Google Follows With Warnings About Predator Spyware
One day after Apple’s announcement, Google issued its own alert concerning a new series of targeted attacks tied to the Predator spyware platform. Google’s threat researchers say this particular wave has focused on “several hundred accounts” across multiple countries, naming Pakistan, Kazakhstan, Angola, Egypt, Uzbekistan, Saudi Arabia, and Tajikistan among the affected.
The alert was published through Google’s Threat Intelligence Group—formerly known as the Threat Analysis Group—which has tracked Predator’s activity for years. Google described Intellexa, the vendor behind Predator, as a commercial cyber-intelligence provider that continues to operate despite global sanctions. The company stated that Intellexa is “evading restrictions and thriving,” indicating that sanctions alone have not slowed the spread or evolution of its tools.
Intellexa’s Record: Zero-Day Exploits and Surveillance Networks
Intellexa has rapidly become one of the most aggressive suppliers of surveillance technology in the world, frequently identified exploiting zero-day vulnerabilities—security flaws that are unknown to device manufacturers at the time they are used.
Since 2021, Google’s team has connected Intellexa to 15 separate zero-day vulnerabilities found across mobile browsers and operating systems. All 15 were eventually patched, but the discovery pattern shows how deeply embedded the spyware industry has become within the global cybersecurity landscape. These vulnerabilities often enable attackers to compromise a device simply by sending the target a link or directing them to a malicious web page.
One of the most prominent examples occurred in 2023 during an operation targeting individuals in Egypt. Researchers from Google and Citizen Lab uncovered a full iOS exploit chain, beginning with a Safari vulnerability and continuing through a custom-built framework known internally as “smack.” This chain allowed Predator to be installed silently on iPhones without requiring the user to tap, click, or download anything—an attack style commonly referred to as a “zero-click exploit.”
How Predator Works: From Taking Photos to Recording Calls
Once installed, Predator gives attackers extraordinary access to a device. According to research findings, the spyware can activate a smartphone’s camera and microphone, log keystrokes, extract passwords, read messages, and track the victim’s location. Intellexa’s system uses multiple components, including “helper” and “watcher” modules.
The helper module assists in managing the spyware’s operations, while the watcher module acts as a defensive layer that continuously scans the device for signs of detection. It looks for jailbreaking tools, antivirus applications, and any unusual activity that could indicate a researcher or security professional probing the system. If the spyware senses an investigation, it can shut down or self-delete to avoid capture.
This sophisticated design is a hallmark of modern commercial spyware providers, who often develop tools comparable to those used by national intelligence agencies.
Recent Apple Patches Highlight Critical Vulnerabilities
The new wave of alerts comes on the heels of emergency software updates released by Apple in recent weeks. These patches—rolled out across nearly all of Apple’s major platforms—were designed to fix critical vulnerabilities that could allow attackers to run malicious code simply through crafted web content.
The updates included fixes for:
-
iOS and iPadOS 17.7.2 and 18.1.1
-
macOS Sequoia 15.1.1
-
visionOS 2.1.1
-
Safari 18.1 and 18.1.1
Two of the patched vulnerabilities were found in WebKit and JavaScriptCore, the underlying engines responsible for rendering web pages and executing scripts. Apple warned that the flaws may have been exploited “on Intel-based Macs,” suggesting that attacks had already been observed in the wild.
These vulnerabilities had the potential to expose sensitive data, enable remote hijacking of a device, or install spyware through nothing more than a malicious webpage. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert urging Americans to install the updates immediately, warning that attackers could “take control of an affected system.”
Why These Alerts Matter: A Strategy to Push Back Against Spyware Abuse
Researchers say Apple’s and Google’s threat notifications are more than simple warnings—they are part of a broader effort to disrupt spyware networks and protect targeted individuals. According to Citizen Lab’s John Scott-Railton, these notifications “impose real costs on cyber spies” by alerting victims, prompting investigations, and increasing public scrutiny.
In many cases, threat notifications have triggered deeper inquiries by journalists, international organizations, and human rights groups. Previous waves of alerts sent to international politicians, dissidents, journalists, and activists have pushed regulators to open investigations and demand accountability.
In the European Union, the exposure of spyware operations targeting top officials has led to formal inquiries. Lawmakers across the region have since introduced measures to regulate the commercial spyware market and require transparency from vendors operating on European soil.
Google’s Expanded Defensive Measures
Beyond sending individual alerts, Google is taking wider action aimed at reducing the reach of Intellexa’s network. The company recently added multiple domains associated with Intellexa to its Safe Browsing service, which automatically blocks access to known malicious websites across Chrome and many other browsers.
Google also committed to sending government-backed attack warnings to all known targeted accounts linked to Intellexa customers since 2023. This covers several hundred users and is designed to notify anyone potentially affected by past or ongoing Predator operations.
A Growing Global Crisis in Digital Surveillance
Apple’s and Google’s warnings underscore the reality that commercial spyware is no longer a niche threat—it is a widespread and rapidly growing global crisis. Once accessible only to elite intelligence agencies, these surveillance tools have become available to governments around the world, including those accused of targeting journalists, activists, dissidents, and political opponents.
The expansion of these tools has heightened concerns about digital repression, privacy violations, and the erosion of civil liberties. Both companies have called on governments to place stricter controls on the commercial spyware industry, while researchers argue that public transparency and rapid disclosure of threats are essential to curbing abuse.
What Users Should Do Now
While Apple and Google have not revealed the full scope of the current campaign, both companies emphasize that device owners should:
-
Install the latest security updates immediately
-
Enable extra security protections such as Apple’s Lockdown Mode or Google’s Advanced Protection Program
-
Be cautious with links, attachments, and unknown contacts
-
Regularly monitor account activity for signs of unauthorized access
For most users, the likelihood of being targeted by Predator-style spyware is extremely low. However, for journalists, activists, political figures, and individuals working in sensitive sectors, these notifications may serve as the first warning that they are under digital surveillance.
As Apple and Google continue to battle against state-sponsored hackers and private surveillance firms, the global struggle over privacy and digital security is expected to intensify. With more than 150 countries now affected, the fight against commercial spyware has become one of the defining cybersecurity challenges of the decade.
Emily Johnson is a critically acclaimed essayist and novelist known for her thought-provoking works centered on feminism, women’s rights, and modern relationships. Born and raised in Portland, Oregon, Emily grew up with a deep love of books, often spending her afternoons at her local library. She went on to study literature and gender studies at UCLA, where she became deeply involved in activism and began publishing essays in campus journals. Her debut essay collection, Voices Unbound, struck a chord with readers nationwide for its fearless exploration of gender dynamics, identity, and the challenges faced by women in contemporary society. Emily later transitioned into fiction, writing novels that balance compelling storytelling with social commentary. Her protagonists are often strong, multidimensional women navigating love, ambition, and the struggles of everyday life, making her a favorite among readers who crave authentic, relatable narratives. Critics praise her ability to merge personal intimacy with universal themes. Off the page, Emily is an advocate for women in publishing, leading workshops that encourage young female writers to embrace their voices. She lives in Seattle with her partner and two rescue cats, where she continues to write, teach, and inspire a new generation of storytellers.
