Governments and Tech Giants Unite Against Commercial Spyware
Over 25 governments and 14 tech companies vowed to fight against the proliferation of commercial spyware
Spyware coverage examines reported incidents, technical analysis, infrastructure, disruption efforts, and defensive guidance on unauthorized monitoring.
Search across headline titles and summaries.
Background for this topic.
Spyware is malicious software that covertly monitors a device or user and sends collected information to an unauthorized party. Depending on its capabilities, it may capture keystrokes, credentials, messages, files, browsing activity, or location data, and may use microphones or cameras when permissions or vulnerabilities allow it. The term covers both broadly distributed malware and more specialized surveillance tools, so reporting should identify a family or tool only when evidence supports it.
Spyware commonly reaches systems through deceptive applications, malicious attachments, bundled software, or exploitation of unpatched software; the relevant exposure depends on the reported case. Security teams should prioritize timely vulnerability and application updates, restrict installation and permissions, and use endpoint or mobile telemetry to detect unusual collection or outbound connections. Suspected infections require isolation and evidence preservation, followed by credential rotation from a trusted device and assessment of what privacy-sensitive data may have been accessed. These findings can also inform legal or regulatory handling where monitoring involved personal or confidential information.
Over 25 governments and 14 tech companies vowed to fight against the proliferation of commercial spyware
A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses
'Almost zero data being shared across the industry on this particular threat,' we're told The commercial spyware economy – despite government and big tech's efforts to crack down – appears to be booming.…
France, the UK, the US, and others will work on a framework for the responsible use of tools like NSO Group's Pegasus, and Shadowserver Foundation gains £1 million investment.
The United States ramped up pressure on the commercial surveillance industry shortly before the United Kingdom and France convened a two-day meeting dubbed the Pall Mall Process intended to culminate in an international agreement limiting the proliferation of advanced spyware.
Commercial spyware vendors (CSV) were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group (TAG) discovered in 2023 and used to spy on devices worldwide. [...]
The US government will deny visas to those involved in misusing spyware
Private spyware vendors were behind nearly half of all zero-day exploits in Google products since 2014.
The U.S. State Department said it's implementing a new policy that imposes visa restrictions on individuals who are linked to the illegal use of commercial spyware to surveil civil society members
Secretary of State Antony J. Blinken announced today a new visa restriction policy that will enable the Department of State to ban those linked to commercial spyware from entering the United States. [...]
As the Middle East nation enforces strict cybercrime laws, citizens face crackdowns on free speech with nearly three dozen journalists and lawyers targeted with the NSO Group's spyware.
The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO Group's Pegasus spyware, according to joint findings from Access Now and the Citizen Lab