Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Apple confirmed that Messages app flaw was actively exploited in the wild

Apple confirmed that a security flaw in its Messages app was actively exploited in the wild to target journalists with Paragon’s Graphite spyware. Apple confirmed that a now-patched vulnerability, tracked as CVE-2025-43200, in its Messages app was actively exploited in the wild to target journalists with Paragon’s Graphite spyware. The IT giant addressed the flaw […]

Apple Signal

Apple confirmed that a security flaw in its Messages app was actively exploited in the wild to target journalists with Paragon’s Graphite spyware.

Apple confirmed that a now-patched vulnerability, tracked as CVE-2025-43200, in its Messages app was actively exploited in the wild to target journalists with Paragon’s Graphite spyware.

The IT giant addressed the flaw CVE-2025-43200 on February 10, 2025, with the release of iOS 18.3.1, iPadOS 18.3.1iPadOS 17.7.5macOS Sequoia 15.3.1macOS Sonoma 14.7.4macOS Ventura 13.7.4watchOS 11.3.1, and visionOS 2.3.1. The same versions also addressed the WhatsApp vulnerability CVE-2025-24200 that was exploited in “extremely sophisticated” targeted attacks.

“A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link.” reads the advisory published by the company. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”

The company addressed this vulnerability by implementing improved checks.

This week, Citizen Lab confirmed that Paragon’s Graphite spyware was used to hack fully updated iPhones, targeting at least two journalists in Europe. The group found forensic evidence showing the phones had communicated with the same spyware server. Apple quietly alerted the victims earlier this year, marking the first confirmed case of Paragon’s tools being used in real-world attacks.

On April 29, 2025, Apple alerted select iOS users of spyware targeting. Forensic analysis confirmed that two journalists, including Ciro Pellegrino, were infected with Paragon’s Graphite spyware. Both cases were linked to the same attacker. Apple has since patched the zero-click exploit used in the attack, now tracked the flaw as CVE-2025-43200, in iOS version 18.3.1.

Early this week, Paragon accused the Italian government of refusing its offer to help investigate spyware use against a journalist. The company said this led to its decision to end contracts in Italy. Paragon claimed it proposed a way to verify if its tools were misused, but authorities declined. This marks the first time a spyware firm publicly cut ties with a client over alleged abuse. Paragon confirmed the statement’s accuracy but declined further comment.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Graphite spyware)