Security warnings sent across 150+ countries following discovery of zero-click exploitation campaign
Apple and Google have issued one of the largest coordinated waves of security warnings in recent years after detecting widespread surveillance activity linked to Intellexa, a commercial spyware consortium associated with former Israeli intelligence officer Tal Dilian.
Intellexa is known as the developer of “Predator,” a mercenary spyware platform sold to government clients. The latest campaign appears to have targeted mobile users across more than 150 countries.
Zero-Click Exploitation: “Aladdin”
The most alarming component of the current activity is a newly reported exploit referred to as “Aladdin.”
According to available reporting, the exploit enables device compromise through a zero-click mechanism — meaning no interaction is required from the target. In some cases, simply displaying a malicious advertisement on screen was reportedly sufficient to trigger exploitation.
Zero-click attacks are particularly dangerous because they bypass traditional user awareness and eliminate common warning signs such as suspicious links or downloads.
Widespread Alerts and Investigation
Google confirmed that it had notified hundreds of potentially targeted users. Apple similarly issued threat notifications to individuals across dozens of countries.
European Union authorities have opened a formal investigation following confirmation that more than 15 zero-day vulnerabilities have been exploited since 2021, many of them affecting WebKit on iOS devices.
Despite being placed on the U.S. Commerce Department’s Entity List and facing ongoing investigations in Greece, Intellexa is reportedly continuing operations and active targeting.
Broader Implications
The scale of the alert campaign underscores how commercial surveillance tools have evolved into globally deployable cyber capabilities.
Modern mercenary spyware platforms no longer require phishing links or visible compromise chains. Instead, exploitation can occur silently and remotely — often without any observable indicators to the victim.
The latest wave reinforces a critical reality:
Mobile devices are now high-value intelligence targets, and sophisticated surveillance campaigns can reach users anywhere in the world — even without a single tap.