Apple has once again warned its customers that their devices have been targeted by advanced mercenary spyware campaigns, according to France’s national Computer Emergency Response Team (CERT-FR).
CERT-FR, which operates under ANSSI (the National Cybersecurity Agency of France), is tasked with detecting, preventing, and mitigating cybersecurity incidents impacting public institutions and critical infrastructure. In a Thursday advisory, the agency confirmed that at least four separate Apple threat notifications have been issued since the start of the year.
Multiple Threat Notifications Sent Throughout 2025
The threat notifications were sent on March 5, April 29, June 25, and most recently on September 3. Apple issued them directly to users via phone numbers and email addresses linked to Apple IDs. Affected users also saw the warnings displayed at the top of the page when signing into their accounts at account.apple.com.
According to CERT-FR, the attacks reported in these notifications are highly sophisticated, frequently leveraging zero-day vulnerabilities or requiring no user interaction to succeed.
“These complex attacks target individuals because of their status or function: journalists, lawyers, activists, politicians, senior officials, members of management committees in strategic sectors, etc. Receiving a notification means that at least one of the devices linked to the iCloud account has been targeted and is potentially compromised,” CERT-FR said.
Recent Exploits Linked to Zero-Click Vulnerabilities
While CERT-FR did not specify the exact threats that triggered the alerts, Apple recently patched a critical zero-day vulnerability (CVE-2025-43300) that was exploited alongside a WhatsApp zero-click flaw (CVE-2025-55177) in what Apple described as an “extremely sophisticated attack.”
At the time, WhatsApp advised affected users to reset their devices to factory settings and ensure their operating systems were fully updated.
Apple’s Recommended Response for Targeted Users
Apple urges those who receive threat notifications to immediately enable Lockdown Mode, a security feature designed to limit the attack surface for highly targeted individuals. The company also recommends requesting emergency assistance through Access Now’s Digital Security Helpline for rapid response.
“Since 2021, we have sent Apple threat notifications multiple times a year as we have detected these attacks, and to date we have notified users in over 150 countries in total,” Apple said in a statement. The company emphasized that it does not attribute the attacks to any particular group or country.
An Apple spokesperson was unavailable for immediate comment at the time of publication.
