Apple has once again alerted users worldwide that their devices may have been compromised by sophisticated mercenary spyware attacks, with France's national cybersecurity agency CERT-FR confirming a new notification wave sent on September 3, 2025.
According to the CERT-FR report, the latest warnings represent the fourth major campaign this year, following previous alerts in March, April, and June. These complex attacks target individuals for their status or function: journalists, lawyers, activists, politicians, senior civil servants, members of management committees of strategic sectors, according to the French cybersecurity authority.
Apple threat notifications are high-confidence alerts that a user has been individually targeted by a mercenary spyware attack, and should be taken very seriously, the company states.
The attacks utilize sophisticated tools like Pegasus, Predator, Graphite, and Triangulation—spyware variants that can infiltrate devices through zero-day exploits (previously unknown vulnerabilities) requiring no user interaction.
Apple's warning system, operational since 2021, has now notified users in over 150 countries across multiple campaigns. Most recently, Apple has notified victims in Iran, across Europe, India, and dozens of other countries of mercenary spyware attacks.
According to the Apple, the threat notifications appear as iMessages, email alerts, and banners when users log into their iCloud accounts, though the time between the attempted compromise and the receipt of the notification is several months, but remains variable.
The persistent threat highlights the ongoing surveillance arms race between tech companies and state-sponsored actors. France's President Emmanuel Macron reportedly switched phones in 2021 after his phone was targeted with NSO Group's Pegasus spyware, demonstrating how even world leaders remain vulnerable to these attacks.
Apple advises recipients to immediately contact cybersecurity authorities, preserve notification emails, and avoid device modifications that could hinder investigations. Key protective measures include enabling automatic security updates, activating Lockdown Mode (Apple's enhanced security feature), daily device restarts, and compartmentalizing personal and professional device usage.
The continued frequency of these warnings underscores the escalating sophistication of state-sponsored surveillance campaigns targeting civil society, with Apple serving as a crucial early warning system in an increasingly dangerous digital landscape.