Intermediaries Driving Global Spyware Market Expansion
Third-party resellers and brokers foil transparency efforts and allow spyware to spread despite government restrictions, a study finds.
Spyware coverage examines reported incidents, technical analysis, infrastructure, disruption efforts, and defensive guidance on unauthorized monitoring.
Search across headline titles and summaries.
Background for this topic.
Spyware is malicious software that covertly monitors a device or user and sends collected information to an unauthorized party. Depending on its capabilities, it may capture keystrokes, credentials, messages, files, browsing activity, or location data, and may use microphones or cameras when permissions or vulnerabilities allow it. The term covers both broadly distributed malware and more specialized surveillance tools, so reporting should identify a family or tool only when evidence supports it.
Spyware commonly reaches systems through deceptive applications, malicious attachments, bundled software, or exploitation of unpatched software; the relevant exposure depends on the reported case. Security teams should prioritize timely vulnerability and application updates, restrict installation and permissions, and use endpoint or mobile telemetry to detect unusual collection or outbound connections. Suspected infections require isolation and evidence preservation, followed by credential rotation from a trusted device and assessment of what privacy-sensitive data may have been accessed. These findings can also inform legal or regulatory handling where monitoring involved personal or confidential information.
Weekly headline count for the current query.
Third-party resellers and brokers foil transparency efforts and allow spyware to spread despite government restrictions, a study finds.
Rescinded sanctions and reactivated contracts have created confusion about the Trump administration's spyware policy and where it draws the line.
The exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or nation-state threat groups.
Researchers detailed how Intellexa, Predator's owner, uses failed deployments and thwarted infections to strengthen its commercial spyware and generate more effective attacks.
While investigating the cyberattacks, researchers uncovered a new spyware product from Memento Labs, the successor to the infamous Hacking Team.
NSO Group must pay $4 million in damages and is permanently prohibited from reverse-engineering WhatsApp or creating new accounts after targeting users with spyware.
In a clever, messed-up twist on brand impersonation, attackers are passing off their spyware as a notorious UAE government surveillance app.
CERT-FR's advisory follows last month's disclosure of a zero-day flaw Apple said was used in "sophisticated" attacks against targeted individuals.
A "sophisticated" attack that also exploits an Apple zero-day flaw is targeting a specific group of iPhone users, potentially with spyware.
CVE-2025-43300 is the latest zero-day bug used in cyberattacks against "targeted individuals," which could signify spyware or nation-state hacking.
Citizen Lab director and founder Ron Deibert explained how civil society is locked in "vicious cycle," and human rights are being abused as a result, covering Israeli spyware, the Khashoggi killing, and an erosion of democratic norms in the US.
A swath of copycat Korean apps are hiding spyware, occasionally leading to highly personal, disturbing extortions.
A color picker for Google's browser with more than 100,000 downloads hijacks sessions every time a user navigates to a new webpage and also redirects them to malicious sites.
An unnamed customer of Paragon's Graphite product used the commercial spyware to target at least two prominent European journalists in recent months.
The $168 million judgment against NSO Group underscores how citizens put little store in the spyware industry's justifications for circumventing security — but will it matter?
The spyware company must pay the tech giant $168 million in punitive and compensatory damages after a 2019 attack targeting 1,400 devices.
The technology giant said two zero-day vulnerabilities were used in attacks on iOS devices against "specific targeted individuals," which suggests spyware or nation-state threat activity.
Nations continue to sign the Code of Practice for States in an effort to curb commercial spyware, yet implementation and enforcement concerns have yet to be figured out.
Threat actors are trolling online forums and spreading malicious apps to target Uyghurs, Taiwanese, Tibetans, and other individuals aligned with interests that China sees as a threat to its authority.
Neither security issue requires user interaction; and one of the vulnerabilities was used to unlock a student activist's device in an attempt to install spyware.