WhatsApp and Apple issue new spyware warnings as researchers urge users at risk to enable device protections

WhatsApp and Apple have issued recent notifications warning users of targeted spyware activity, including cases linked to Paragon Solutions and its Graphite spyware. Researchers say such attacks against journalists and civil society have become routine and are urging at-risk users to enable opt-in protections such as Apple’s Lockdown Mode and similar features from Google and Meta.

Quick Facts

WhatsApp notified roughly 90 users that they had been targeted by Paragon Solutions
Apple sent threat notifications to a new group of iOS users
Forensic analysis confirmed two journalists were hit with Paragon’s Graphite spyware using a zero-click attack
Security researchers documented cases over 15 years of government hackers targeting and compromising journalists, human rights defenders, critics, and political opponents
Spyware operators can record phone calls, steal chat messages, access photos, activate camera and microphone, and track real-time location

WhatsApp has notified roughly 90 users that it believes they were targeted by Paragon Solutions, adding to a growing list of alerts from major tech platforms about commercial spyware used in targeted surveillance. The notifications, reported earlier this year, underscore how smartphone attacks aimed at journalists, human rights defenders and political dissidents have become a persistent threat rather than a rare exception.

Months after WhatsApp’s outreach, Apple sent threat notifications to a new group of iOS users. Forensic analysis later confirmed that two journalists were compromised by Paragon’s Graphite spyware in a so-called zero-click attack, which can infect a device without the victim tapping a link or opening an attachment.

Security researchers have documented more than a decade of cases—spanning roughly 15 years—in which government-backed hackers and spyware operators targeted and compromised members of civil society, including reporters, critics and political opponents. Once installed, spyware can enable attackers to record phone calls, steal messages, access photos, activate a device’s camera and microphone, and track real-time location—capabilities that make phones especially valuable targets because they can contain much of a person’s daily-life data.

In response, Apple, Google and Meta have introduced opt-in protections intended to reduce the risk of highly targeted attacks. Tech companies and security researchers have recommended that people who believe they may be at risk of government surveillance enable these features, which are designed to harden devices and accounts against sophisticated intrusion techniques.

Apple’s Lockdown Mode is among the most prominent options, adding protections by limiting certain functions. According to Apple, Lockdown Mode blocks most iMessage attachments by default, restricts link previews in iMessage, and blocks some fonts, images and web technologies in Safari; the company cautions that devices “won’t function like it typically does” when the setting is enabled. Citizen Lab has previously reported that Lockdown Mode stopped an attack using NSO Group’s Pegasus spyware, and Apple said as recently as March that it has never detected a successful attack on an Apple device with Lockdown Mode enabled.

Runa Sandvik, a security researcher cited by TechCrunch, said these defensive features are free, easy to enable and currently among the best available protections for people facing sophisticated spyware threats, noting they can be turned off if they interfere with everyday use.

Topics

Technology

#NSO Group #Graphite spyware #Lockdown Mode #WhatsApp notifications #government hackers #targeted surveillance #Pegasus #zero-click attack #Paragon Solutions #Citizen Lab #Safari protections #iMessage security #journalist safety #Apple threat notifications #spyware

Why This Matters

This matters because targeted spyware can silently turn a phone into a surveillance device, exposing messages, calls, photos, location, microphone and camera data without the user noticing. If you are a journalist, activist, government critic, or work with sensitive sources, enabling platform protections such as Apple Lockdown Mode, and checking for similar safeguards on Android, WhatsApp and Meta accounts, is a concrete step that can reduce risk. The alerts also show that major platforms are actively detecting and notifying victims, so users should treat such warnings as urgent and follow through with device hardening, account review, and expert support.

Timeline & Sources

May 23, 2026

Wire

TechCrunch published an article recapping phone/app security features intended to protect against spyware.

Sources

These special phone and app features can help protect you from spywaretechcrunchMediaMay 23, 2026