According to Forbes, the U.S. Cybersecurity and Infrastructure Security Agency issued an urgent alert on November 24, 2025 warning that multiple cyber threat actors are actively using commercial spyware to target mobile messaging applications. This comes immediately after reports of Sturnus spyware effectively bypassing encryption to read private messages on Signal, Telegram and WhatsApp. CISA has now released updated Mobile Communications Best Practice Guidance with specific step-by-step instructions for both iPhone and Android users. The agency specifically warns that journalists, political activists, government employees, military personnel and others in high-risk categories should take immediate action. The guidance includes critical recommendations like enabling Lockdown Mode on iPhones and restricting app permissions across both platforms.
Why this matters
Here’s the thing about spyware – it’s not your average malware. We’re talking about sophisticated tools that can bypass even end-to-end encryption, which is supposed to be the gold standard for privacy. And the targets aren’t just random people. CISA is specifically calling out what they call “high-risk individuals,” which basically means if you work in sensitive fields or could be collateral damage in targeting someone more important, you need to pay attention.
The fact that this is coming from CISA, America’s actual cyber defense agency, should tell you something. This isn’t some random security company trying to sell you antivirus software. When they issue “urgent” guidance with specific dates and step-by-step instructions, it means they’re seeing real, active threats in the wild. The official alert makes it clear this isn’t theoretical.
What you should do
So let’s talk about the actual recommendations, because some of these are more impactful than others. Lockdown Mode on iPhone is basically nuclear option – it severely limits functionality to reduce attack surfaces. That means some websites won’t work properly, certain message types get blocked, and attachments get scanned to death. It’s not something most people will want to enable full-time, but if you’re in a high-risk situation, it might be necessary.
The other recommendations are more practical for everyday use. Disabling “send as text message” prevents your secure iMessages from falling back to vulnerable SMS. Using iCloud Private Relay protects your DNS queries from being snooped on. And reviewing app permissions? That’s just good hygiene that everyone should be doing regularly anyway. The full guidance document goes into much more detail for both platforms.
The bigger picture
What’s really concerning here is that we’re seeing commercial spyware becoming more accessible and effective. These aren’t nation-state tools that only governments can afford anymore. The fact that Signal, Telegram and WhatsApp – apps that millions rely on for private communication – are vulnerable should worry everyone.
But here’s the reality check: most people probably don’t need to go into full lockdown mode. The guidance is specifically aimed at high-risk individuals, and while it’s good security practice for everyone to review their settings, the average user isn’t likely to be targeted by this level of sophisticated spyware. Still, given how many industrial and business operations now rely on mobile devices for critical functions, it’s worth taking these warnings seriously. After all, when America’s top cyber defense agency speaks, it pays to listen.
