Since April 2025, Apple has sent multiple alerts in France warning that some users may have been targeted in complex spyware campaigns. CERT-FR says these attacks focus on journalists, activists, senior officials, and civil servants.
Jurgita Lapienytė, Editor-in-Chief of Cybernews, argues these threats are no longer confined to high-profile individuals. Her message: ordinary device users are just as vulnerable.
New research confirms her warning. An explosion in spyware investment, exponential growth in exposed datasets, and leaks of personal credentials combine to create a threat environment everyone must take seriously.
The Rise of The Spyware Industry
A recent report by the Atlantic Council, titled Mythical Beasts and Where to Find Them, mapped over 561 entities (vendors, suppliers, resellers, investors and more) across 46 countries active in the spyware market between 1992-2024.
One of the most notable findings: the United States is now the largest investor in commercial spyware. In 2024, twenty new U.S.-based investors entered the market, raising the total number of American backers to 31 — more than Israel, Italy, or the UK.
Additionally, several new spyware vendors, brokers, and resellers have appeared in jurisdictions previously less visible, including in Japan, Malaysia, and Panama.
These findings illustrate what Lapienytė called the expansion of the spyware industry beyond government actors, into a global market driven by investors and intermediaries who profit from surveillance tools.
Targets: From High Profile to Regular Users
CERT-FR’s alerts highlight the classic threat cases: journalists, civil society actors, lawyers. These are people with sensitive data, influence, or visibility, which makes them high value for threat actors.
But new evidence from Cybernews shows that the same vulnerabilities – zero-day flaws, memory corruption bugs, software with weak protection – are widespread. Many ordinary people use the same devices, the same apps, and often the same operating systems as public officials.
One of the clearest signals is a massive credential leak discovered by Cybernews researchers. Over 30 separate datasets, some containing billions of login credentials, exposed a total of 16 billion username/password pairs. These credentials came from across social media, email, developer platforms, VPNs — many of them likely collected by infostealer malware.
The leak shows that many credentials are reused, or old ones recycled, but more worryingly some are fresh; once exposed, they can be used to mount phishing, identity theft, or credential-stuffing attacks. Lapienytė has warned that such “weaponisable intelligence at scale” is becoming common.
Another case: Cybernews and researcher Bob Dyachenko uncovered an unprotected Elasticsearch index containing sensitive personal data tied to Georgia’s population. The records included phone numbers, national identifiers, and other personal data on millions — more than the actual census figure for Georgia in some instances.
Understanding The Threat Vectors
Some spyware campaigns still use zero-click exploits: vulnerabilities that can be triggered without user interaction. These are highly prized by threat actors because victims may never see anything suspicious. Lapienytė has emphasised such stealth techniques in her op-ed.
Beyond that, many threats aren’t specifically targeted — they are opportunistic. Infostealer malware, credential leaks, unsafe server misconfigurations affect millions at once.
Spyware vendors are increasingly hiding behind shell companies, brokering through resellers, or using holding companies across jurisdictions to evade oversight. The Atlantic Council report identified increasing activity in such broker/reseller channels.
The Human Cost & Implications
For high-profile targets, the consequences are obvious: potential exposure of sensitive sources, human rights abuses, even lives in danger. For ordinary users, the costs are more pervasive but still serious: financial loss, fraud, extortion, identity theft, exposure of private communications.
Lapienytė describes spyware as a violation of basic human rights — once someone controls your device, they control your data, your privacy, and potentially your autonomy.
Policy implications ripple outward: governments struggle to regulate spyware and its resellers; platform vendors must constantly patch zero-day flaws; ordinary people must adopt defensive practices — but many don’t even know about these threats or haven’t resources to protect themselves.
What Can Be Done — Practical and Policy Responses
By Individuals:
- Regularly update devices and apps.
- Use multi-factor authentication (MFA) wherever possible.
- Limit app permissions; remove apps you no longer use.
- Use privacy-focused apps and encrypted communication.
- Watch for telltale signs of compromise: unusual battery drain, unfamiliar apps, spikes in data usage.
By Companies & Platforms:
- Audit for vulnerabilities, especially zero-click or memory corruption exploits.
- Harden default security settings.
- Improve transparency about threat notifications (e.g. Apple’s warnings in France).
By Governments & Regulators:
- Tighten regulation around spyware vendors, brokers, and resellers.
- Require investor transparency and beneficial ownership disclosure.
- Expand sanctions or export controls to cover spyware tools and components.
- Promote international cooperation (UN, EU, etc.) to define misuse of spyware and enforce cross-border accountability.
Conclusion
Cybernews, under its editor-in-chief Jurgita Lapienytė, has repeatedly sounded the alarm: the line between high-profile targets and ordinary citizens is disappearing.
What was once a fight mostly among governments, activists, and journalists is now one that every person with a smartphone or internet account must consider.
We live in a time where our devices may be compromised without any click, our passwords may be exposed without our knowledge, and our personal data may be part of massive leaks. Lapienytė’s call is simple: recognize the risk. Protect yourself. Demand accountability. The future of privacy depends on it.
References & Links
- Atlantic Council, Mythical Beasts and Where to Find Them: Mapping the Global Spyware Market and Its Threats to National Security and Human Rights. Atlantic Council
- Cybernews, “16 Billion Credentials Exposed in Colossal Data Breach.” Cybernews
- Cybernews & Bob Dyachenko, “Entire Georgian Country Population Exposed in a Massive Personal Data Leak.” Cybernews
- Cert-FR / Apple spyware campaign alerts in France. The Hacker News
