The French national Computer Emergency Response Team (CERT-FR), operated by the national cybersecurity agency ANSSI, has warned that Apple devices were targeted in a fresh series of mercenary spyware attacks. The advisory notes at least four threat notifications issued since the start of the year, sent to the phone numbers and email addresses linked to affected Apple accounts. The warnings also appear at the top of the user’s account page at account.apple.com.
According to CERT-FR, the alerts – issued on March 5, April 29, June 25 and September 3 – signal that at least one device linked to an iCloud account has been targeted and may be compromised. The agency described the attacks as highly sophisticated, with many exploiting zero-day vulnerabilities or requiring no user interaction, and noted that the campaigns targeted individuals based on their status or function, including journalists, lawyers, activists, politicians and senior officials.
Apple did not attribute the attacks to a specific group or region, but the company has previously warned of mercenary spyware campaigns and urged users to take protective steps. The cyberthreat landscape surrounding these incidents has included emergency software updates to address newly discovered flaws, and users have been advised to enable protections such as Lockdown Mode and to seek rapid-response security assistance when needed.
Security groups and researchers continue to monitor these operations, which are designed to compromise high-value targets. The advisory urges users to stay vigilant and to ensure their devices are up to date as part of a broader risk-management approach.
In its advisory, CERT-FR underscored the ongoing nature of these attacks and the importance of fast response measures. For those seeking immediate assistance in the wake of suspected intrusion, Apple also directs users to rapid-response security channels via its support ecosystem and to the Digital Security Helpline operated by Access Now’s Digital Security Helpline.