Apple has expanded its bug bounty program by doubling the maximum reward to $2 million for reporting zero-click remote compromise vulnerabilities, with potential payouts exceeding $5 million through bonuses. The program, which has awarded $35 million since its inception in 2020, also introduces new categories and increased rewards for various types of attacks, aiming to incentivize security researchers to report critical vulnerabilities. Additionally, Apple plans to distribute secured iPhone 17 devices to civil society organizations at risk of spyware attacks in 2026.

Russian malware known as Spypress is exploiting vulnerabilities in webmail services to spy on Ukrainian users, particularly targeting Gmail and Yahoo accounts. The malware facilitates unauthorized access to sensitive information, raising significant security concerns amid ongoing conflict.

Russian spyware known as Clayrat is rapidly spreading and evolving, posing significant threats to cybersecurity. According to Zimperium, the malware is becoming increasingly sophisticated, making it crucial for users and organizations to remain vigilant against potential attacks.

Insikt Group has uncovered new infrastructure related to the Candiru spyware vendor, revealing eight operational clusters linked to its DevilsTongue malware. The report highlights ongoing threats from mercenary spyware, emphasizing the need for heightened security measures and regulatory action as the spyware market evolves and targets individuals of high intelligence value.