This week’s threat report: a zero-click spyware exploit targeting Apple devices, a critical privilege escalation vulnerability in IBM’s backup software, and a data exfiltration flaw in Microsoft 365 Copilot.
Apple has patched a high-risk zero-click vulnerability (CVE-2025-43200) exploited by the Paragon spyware group, impacting journalists and activists across Europe. The flaw allowed attackers to deploy Graphite spyware via a malicious photo or video shared through iCloud Links.
Attack Method:
Utilised a logic flaw in iOS/iPadOS 18.2.1.
Required no interaction—media files triggered spyware installation silently.
Two journalists from Fanpage.it were confirmed victims; others across 100+ countries received Apple or WhatsApp alerts.
Impact:
Covert surveillance and data theft
Spoofing of system-level iMessage accounts
Highly evasive memory-resident spyware
Recommendation:
Update all Apple devices to iOS/iPadOS 18.3.1
Enable Lockdown Mode for high-risk users
If notified by Apple or WhatsApp, seek support from organisations such as The Citizen Lab, Access Now, or Amnesty Security Lab
IBM disclosed a critical flaw (CVE-2025-33108, CVSS 8.5) in its Backup, Recovery, and Media Services (BRMS) component affecting IBM i versions 7.4 and 7.5.
Technical Details:
Root cause: unqualified library calls in BRMS
Exploitable with minimal privileges but requires network access
Enables attackers to execute arbitrary code with elevated privileges
Impact:
Full system compromise of critical backup infrastructure
Risk to confidentiality, integrity, and availability of business data
Recommendation:
Apply IBM PTF SJ05906 (v7.4) or SJ05907 (v7.5) immediately
Restrict program compilation and restoration privileges
Monitor for unusual system-level activities
A newly disclosed zero-click vulnerability in Microsoft 365 Copilot, dubbed "EchoLeak" (CVE-2025-32711, CVSS 9.3), allows unauthorised data exfiltration without user interaction.
How It Works:
Exploits prompt injection via markdown in email content
Copilot parses malicious content and leaks sensitive data from internal SharePoint or Outlook context
No user action required—fully automated attack chain
Impact:
Leakage of sensitive corporate documents and discussions
Exploits LLM trust boundaries in AI-powered workflows
Recommendation:
Ensure Microsoft 365 Copilot is patched to the June 2025 update
Avoid untrusted markdown-rich content in emails
Monitor AI activity logs for anomalous prompts
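An added example, not code from Microsoft or from this report: one way to act on the advice about untrusted markdown in email is to flag markdown links and images that point outside an allowlist before a message is made available to an AI assistant. The report does not give the exact markdown form used, so this covers inline and reference-style links and images in general; the allowlist, host names and sample email are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: hosts your organisation treats as trusted for links and images.
TRUSTED_HOSTS = {"sharepoint.example.com", "intranet.example.com"}
INLINE = re.compile(r"(!?)\[[^\]]*\]\(\s*<?([^)\s>]+)")  # [t](url), ![t](url)
REF_DEF = re.compile(r"^\s{0,3}\[([^\]]+)\]:\s*<?(\S+?)>?(?:\s|$)", re.M)  # [id]: url
REF_IMG = re.compile(r"!\[[^\]]*\]\[([^\]]+)\]")  # ![t][id]

# Constructed sample email body (not taken from any real message).
SAMPLE = """Hi team, the quarterly summary is ready.
See [the deck](https://sharepoint.example.com/sites/fin/deck.pptx).
![status][img1]
Also [notes](https://docs.untrusted.example/n)

[img1]: https://collector.untrusted.example/p.png?d=PLACEHOLDER
"""

def host_of(url):
    """Return the lower-cased host of an http(s) URL, or None."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https"):
        return None
    return (parts.hostname or "").lower() or None

def is_trusted(host):
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)

def scan_markdown(body):
    """List markdown URLs in an email body that resolve outside TRUSTED_HOSTS."""
    image_refs = {m.group(1).strip().lower() for m in REF_IMG.finditer(body)}
    candidates = [("image" if bang else "link", url) for bang, url in INLINE.findall(body)]
    for ref_id, url in REF_DEF.findall(body):
        kind = "image" if ref_id.strip().lower() in image_refs else "reference"
        candidates.append((kind, url))
    findings = []
    for kind, url in candidates:
        host = host_of(url)
        if host is None or is_trusted(host):
            continue
        findings.append({
            "kind": kind,
            "host": host,
            "has_query": bool(urlsplit(url).query),
            # Images are fetched when rendered, so they need no click.
            "severity": "high" if kind == "image" else "medium",
        })
    return findings
```

Calling `scan_markdown(SAMPLE)` reports the external link and the reference-style image, and skips the link to the trusted SharePoint host.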