Google and Apple have issued urgent software updates after uncovering an active hacking campaign affecting an unknown number of users across their platforms.

On Wednesday, Google released patches for several security vulnerabilities in its Chrome browser, warning that one of the flaws had already been exploited by attackers before a fix was available. At the time, Google shared few details about the nature of the threat.

Two days later, the company updated its advisory to clarify that the vulnerability was identified by Apple’s security engineering team together with Google’s Threat Analysis Group. That unit typically tracks state-sponsored hacking activity and commercial spyware vendors, suggesting the exploit may be linked to a government-backed operation.

In parallel, Apple rolled out security updates across its ecosystem, including iPhones, iPads, Macs, Vision Pro, Apple TV, Apple Watch, and the Safari browser. In its advisory for iOS and iPadOS, Apple said it fixed two vulnerabilities and acknowledged that it was aware the issues “may have been exploited in an extremely sophisticated attack against specific targeted individuals” using devices running versions earlier than iOS 26.

This wording is commonly used by Apple when it has evidence that zero-day vulnerabilities were used in real-world attacks. Zero-days are security flaws unknown to software vendors at the time they are exploited. Such attacks are often associated with advanced surveillance operations, where journalists, activists, or political dissidents are targeted using spyware developed by specialized firms.

Neither Apple nor Google responded immediately to requests for comment.

Source