CyberSecurityBoard
Sponsor Register Login

Paragon Spyware Exploited WhatsApp Zero-day Vulnerability to Attack High-value Targets

Researchers have uncovered extensive evidence linking Israeli firm Paragon Solutions to a sophisticated spyware operation that exploited a zero-day vulnerability in WhatsApp to target journalists and civil society members. The investigation confirmed the presence of a unique forensic artifact dubbed “BIGPRETZEL” on multiple devices, which WhatsApp confirmed is associated with Paragon infections. The investigation revealed suspected Paragon deployments across multiple countries, including Australia, Canada, Cyprus, Denmark, Israel, and Singapore. This case challenges Paragon’s claims of having developed an abuse-proof business model, demonstrating that commercial spyware, even when sold to democratic governments, remains vulnerable to misuse against legitimate civil society actors. Researchers shared their infrastructure analysis with Meta, which proved “pivotal” to the company’s ongoing Paragon investigation. Established in Israel in 2019, Paragon Solutions was founded by notable figures, including former Israeli Prime Minister Ehud Barak and Ehud Schneorson, former commander of Israel’s Unit 8200 intelligence unit. Forensic analysis revealed an attempt to infect his iPhone with novel spyware in June 2024, which Apple confirmed they patched in iOS 18. The company markets its Graphite spyware as a more targeted tool that accesses messaging applications rather than taking “complete control” of devices like NSO Group’s notorious Pegasus spyware. When received, the victim’s device would automatically process the PDF, exploiting the vulnerability to load the Graphite spyware implant into WhatsApp without any user interaction. A related case involved David Yambio, founder of Refugees in Libya, who received an Apple notification about spyware targeting in November 2024. Following the investigation, WhatsApp notified approximately 90 potential victims and confirmed the attack was mitigated. On January 31, 2025, WhatsApp notified approximately 90 accounts believed to have been targeted by Paragon’s spyware. Multiple WhatsApp notification recipients in Italy consented to forensic analysis of their devices. After initial denials, the Italian government eventually confirmed it was a Paragon customer, though officials denied targeting journalists and activists. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 20 Mar 2025 12:00:08 +0000


Cyber News related to Paragon Spyware Exploited WhatsApp Zero-day Vulnerability to Attack High-value Targets

Paragon Spyware Exploited WhatsApp Zero-day Vulnerability to Attack High-value Targets - Researchers have uncovered extensive evidence linking Israeli firm Paragon Solutions to a sophisticated spyware operation that exploited a zero-day vulnerability in WhatsApp to target journalists and civil society members. The investigation confirmed ...
21 hours ago Cybersecuritynews.com
ICE Signs $2 Million Contract With Spyware Maker Paragon Solutions | WIRED - Measures have included placing spyware vendors like NSO Group and Intellexa on the so-called Entity List to prevent any US companies from doing business with them; enacting a visa restriction policy against multiple individuals “who have been ...
5 months ago Wired.com
WhatsApp patched zero-click flaw exploited in Paragon spyware attacks - Citizen Lab also mapped out the server infrastructure used by Paragon to deploy the Graphite spyware implants on targets' devices, finding potential links to multiple government customers, including Australia, Canada, Cyprus, Denmark, Israel, and ...
1 day ago Bleepingcomputer.com
Citizen Lab details ongoing battle against spyware vendors - Citizen Lab senior researcher Bill Marczak said that while the organization has achieved some important wins against spyware proliferation, the progress is inevitably hindered by vendors that continually adapt their technologies and practices. The ...
1 year ago Techtarget.com
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
9 months ago Securityaffairs.com CVE-2024-23222 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109
Spyware isn't going anywhere, and neither are its tactics - The illegal use of spyware to target high-profile or at-risk individuals is a global problem, as highlighted by this article from The Register that Talos' Nick Biasini just contributed to. As we've written about, many Private Sector Offensive Actors ...
1 year ago Blog.talosintelligence.com CVE-2024-23222
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
1 year ago Darkreading.com CVE-2024-23222
Google says spyware vendors behind most zero-days it discovers - Commercial spyware vendors were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group discovered in 2023 and used to spy on devices worldwide. Zero-day vulnerabilities are security flaws the vendors of impacted software do not ...
1 year ago Bleepingcomputer.com
Intellexa and Cytrox: From fixer-upper to Intel Agency-grade spyware - Cisco Talos has a new, in-depth analysis of timelines, operating paradigms and procedures adopted by spyware vendor Intellexa. Talos' analysis revealed that rebooting an iOS or Android device may not always remove the Predator spyware produced by ...
1 year ago Blog.talosintelligence.com
US Uses Visa Restrictions in Struggle Against Spyware - The United States will impose visa restrictions on foreign individuals who have been involving the misuse of spyware, the latest effort by the Biden Administration to address the dangers of the commercial software that often is used by governments ...
1 year ago Securityboulevard.com
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
10 months ago Bleepingcomputer.com CVE-2024-27834
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
1 year ago Techtarget.com CVE-2023-0669 CVE-2023-34362 CVE-2023-36884 CVE-2023-4863 CVE-2023-41992 CVE-2023-41991 CVE-2023-41993 CVE-2023-22515
Intellexa Spyware Adds Persistence with iOS or Android Device - In the shadowy realm of commercial spyware, the spotlight turns to the notorious Intellexa spyware and its Predator/Alien solution, as dissected by Cisco Talos in their comprehensive May 2023 report. This expose navigates the labyrinthine intricacies ...
1 year ago Gbhackers.com
New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
8 months ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 CVE-2023-40044 CVE-2023-20109 Rocke
Apple fixes two new iOS zero-days in emergency updates - Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. "Apple is aware of a report that this issue may ...
1 year ago Bleepingcomputer.com CVE-2023-42916 CVE-2023-42917
Sav-Rx data breach impacted over 2.8 million individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks. Microsoft fixed two zero-day bugs exploited in malware ...
9 months ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 APT29 BianLian
What is Spyware? How It Works and How to Protect Yourself Against It - Spyware is a type of malicious software that is designed to collect sensitive data from victims without their knowledge or consent. It is typically installed on computers without the user’s knowledge or consent, and collects sensitive information ...
2 years ago Heimdalsecurity.com
Is Your Organization Infected by Mobile Spyware? - The surge in mobile device usage within organizations has inevitably opened the floodgates to a new kind of cyber threat-mobile spyware. The growing dependence on mobile technology has made it imperative for organizations to recognize and mitigate ...
1 year ago Blog.checkpoint.com
Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance ...
1 year ago Bleepingcomputer.com
North Korean Kimsuky used a new Linux backdoor in recent attacks - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Threat actors exploited Palo Alto Pan-OS issue to deploy a Python Backdoor. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 ...
10 months ago Securityaffairs.com CVE-2022-38028 CVE-2020-3259 CVE-2023-22515 APT28 APT29 BianLian
newsletter Round 473 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
9 months ago Securityaffairs.com CVE-2020-3259 CVE-2023-46747 CVE-2023-46748 CVE-2023-22515 APT29 Rocke BianLian
Google fixes first actively exploited Chrome zero-day of 2024 - Google has released security updates to fix the first Chrome zero-day vulnerability exploited in the wild since the start of the year. The company fixed the zero-day for users in the Stable Desktop channel, with patched versions rolling out worldwide ...
1 year ago Bleepingcomputer.com CVE-2024-0519 CVE-2023-7024 CVE-2023-6345 CVE-2023-5217 CVE-2023-4863 CVE-2023-3079 CVE-2023-4762 CVE-2023-2136 CVE-2023-2033
Healthcare firm WebTPA data breach impacted 2.5M individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach ...
10 months ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 APT29 BianLian
Kaspersky Details Method for Detecting Spyware in iOS - Researchers with cybersecurity firm Kaspersky are detailing a lightweight method for detecting the presence of spyware, including The NSO Group's notorious Pegasus software, in Apple iOS devices. The new method, which calls for looking for traces of ...
1 year ago Securityboulevard.com
WhatsApp Hit with €55 Million Fine for Privacy Violations - WhatsApp is facing an €55 million privacy-related fine from the European Union’s data protection authority for allegedly violating the region's data protection laws. ...
2 years ago Thehackernews.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)