Apple has alerted its users to a new series of spyware attacks, a warning confirmed by the French national Computer Emergency Response Team, known as CERT-FR. According to the agency, it has tracked four such alerts from Apple since early 2025. Apple has notified affected users of these sophisticated attacks via email, phone, and on account.apple.com, where the warnings also appear after logging in. The notifications were sent on March 5, April 29, June 25, and September 3.
The CERT-FR report clarifies what these alerts mean. The message indicates that at least one of the devices tied to an individual’s iCloud account has been targeted and could be compromised. Apple delivers these alerts through an iMessage and an email from threat-notifications@email.apple.com or threat-notifications@apple.com. An alert also shows up when the user logs into their iCloud account. While the time between a compromise attempt and the notification can vary, it is often several months.
Apple’s warnings have been sent out since 2021 to individuals targeted by advanced spyware like Pegasus, Predator, Graphite, and Triangulation. These attacks typically target high-risk groups, such as journalists, lawyers, activists, politicians, and business executives. A notification means that a device linked to an iCloud account was likely a target. The alerts arrive via iMessage, email, and a pop-up on the iCloud login page. While CERT-FR is monitoring known campaigns, it notes that this list is not exhaustive.
If you receive a notification from Apple, CERT-FR advises you to contact the agency, save the email, and avoid altering the device to preserve evidence. To lower your risk of a spyware attack, make sure to keep your devices updated and enable automatic updates. You should also separate personal and work devices, use Isolation Mode, and restart your device daily. It’s also important to follow good digital security practices like avoiding suspicious links, using strong passcodes, enabling two-factor authentication, and not installing untrusted apps.
While CERT-FR did not provide technical specifics on the recent attacks, its warnings highlight the ongoing threat of spyware. These highly sophisticated attacks often exploit zero-day vulnerabilities, meaning previously unknown software flaws, and in many cases they require no action at all from the user to compromise a device. This lack of user interaction makes the attacks particularly dangerous and difficult to detect without the aid of a service like Apple’s threat notification system.