Paragon ‘Graphite’ Spyware Linked to Zero-Click Hacks on Newest iPhones
securityweek
Security researchers at Citizen Lab say they have hard forensic proof that commercial spyware maker Paragon could until recently compromise up-to-date iPhones, confirming infections on two journalists who were quietly warned by Apple earlier this spring.
In a new report published Thursday, Citizen Lab documented the use of Paragon’s ‘Graphite’ mobile hacking platform against two journalists whose mobile device logs show both phones communicating with the same Graphite command-and-control server.
The server was observed interacting with an iMessage account the researchers dub ‘ATTACKER1’, evidence Citizen Lab says ties the operations to a single Paragon customer.
Apple shipped a patch for the underlying zero-click exploit in February, in iOS 18.3.1, and catalogued the flaw as CVE-2025-43200. Citizen Lab notes, however, that the compromise periods (January through early February) make clear that the phones were fully up to date when they were breached.
“Our forensic analysis concluded that ...