Apple has issued a stark warning to iPhone users across 100 countries, alerting them to the presence of mercenary-grade spyware potentially targeting their devices. While the company didn’t name the specific software, the nature of the threat strongly suggests Pegasus—the notorious surveillance tool developed by Israeli company NSO Group and known for its use by governments to infiltrate the phones of journalists, lawyers, political dissidents, and activists.
The warning is part of Apple’s threat notification system, a feature launched in 2021 to identify and alert users believed to be under surveillance by state-sponsored actors. Unlike typical malware, these attacks are highly targeted and designed to evade detection. As such, Apple sends notifications only when it has “high confidence” that a user is at risk.
Recent public confirmations of the alerts came from two individuals: Italian journalist Ciro Pellegrino and Dutch political activist Eva Vlaardingerbroek. Pellegrino reported receiving both an iMessage and an email from Apple confirming the threat. Vlaardingerbroek shared her notification publicly on social media, including a chilling excerpt: “This attack is likely targeting you specifically because of who you are or what you do… Apple has high confidence in this warning — please take it seriously.”
In response, Apple is urging affected users to immediately activate Lockdown Mode, a security setting found under Settings > Privacy & Security. Lockdown Mode disables many of the features most vulnerable to spyware attacks, such as link previews and web-based content in messaging apps. While restrictive, it provides the highest level of protection currently available on iOS.
Apple is also advising users to update their devices to the latest version of iOS—currently 18.4.1—and to apply updates across all Apple hardware they own. Additional recommendations include updating third-party messaging and cloud storage apps, changing passwords for sensitive accounts, and remaining cautious of other devices and platforms that may also be targeted.
Though Apple’s warning is not confirmation of infection, the company’s rare move to alert individuals in such a broad geographic range underscores the seriousness of the threat. Pegasus and similar spyware tools operate with precision, often requiring no user interaction to compromise a device. Once installed, these tools can access messages, camera feeds, location data, and other private information—without the victim ever realizing it.
While the company has taken legal action against NSO Group in the past and continues to enhance iOS’s built-in protections, the reality is that surveillance software has grown more sophisticated, and attacks more selective. For anyone notified, Apple’s message is clear: act quickly, update everything, and stay vigilant.
