Apple and Google Alert Users Worldwide After New Spyware Activity Surfaces
Apple and Google confirmed last week that they have issued a new round of threat notifications to users around the world. The companies say these alerts are meant to warn people when there is evidence they have been targeted by malicious actors, often linked to governments or state-backed groups.
Apple told Reuters that the latest batch of warnings went out on Dec. 2, though the company did not reveal how many people were affected or which actors were believed to be behind the attempted intrusions. Apple only mentioned to Reuters that “to date we have notified users in over 150 countries in total.”
These notices are part of Apple’s long-running system of reaching out directly to individuals who may have been singled out in targeted hacking attempts. A day after Apple’s notifications, Google announced its own round of alerts, this time tied to the spyware vendor Intellexa, whose tools have been repeatedly linked to global surveillance operations.
Google’s Threat Intelligence Group (GTIG) said Intellexa is continuing to operate despite facing sanctions and industry scrutiny, explaining that the group was “evading restrictions and thriving.” Google said the latest wave of warnings covered “several hundred accounts across various countries, including Pakistan, Kazakhstan, Angola, Egypt, Uzbekistan, Saudi Arabia, and Tajikistan.”
These users were believed to have been targeted with spyware connected to Intellexa’s well-documented exploit chains of high-end hacking tools designed to break into modern smartphones using previously unknown vulnerabilities.
While Apple and Google rarely reveal who exactly is targeted, past investigations show that high-risk groups, such as journalists, human rights workers, political figures, often find themselves on the receiving end.
Intellexa’s tools keep evolving
GTIG emphasized how far Intellexa has managed to push its spyware operations, noting that commercial surveillance companies continue to operate with surprising freedom, highlighting the global challenge of curbing their influence.
“Intellexa has adapted, evaded restrictions, and continues selling digital weapons to the highest bidders,” Google noted.
GTIG said its research into Intellexa dates back years and shows that the vendor specializes in zero-day vulnerabilities affecting Safari, Chrome’s V8 engine, and other mobile components. Many of these flaws have been patched, but the company warns that Intellexa keeps finding fresh ways to exploit new ones.
The company also explained that ongoing work with partners has helped track Intellexa’s exploit chains, add related domains to Safe Browsing protections, and notify affected users going back to 2023.
A China-nexus cyber adversary, WARP PANDA, has emerged as one of the most technically sophisticated espionage groups targeting US organizations in 2025.
About Author
