One House Democrat is pressing Commerce on the government’s spyware use

A House Democrat who’s been at the forefront of congressional efforts to scrutinize the federal government’s use of commercial spyware wants the Commerce Department to brief Capitol Hill amid apprehension that the Trump administration might further embrace the technology.

Rep. Summer Lee, D-Pa., sent a letter to the department Thursday seeking a briefing on several developments stemming from Immigration and Customs Enforcement acknowledging its use of Paragon’s Graphite spyware, as well as an American company purchasing a controlling stake in Israel’s NSO Group. The Commerce Department sanctioned NSO Group under former President Joe Biden after widespread abuse allegations, including eavesdropping on government officials, activists and journalists.

“The Trump Administration appears to be broadly receptive to using commercial spyware to infiltrate cell phones and allowing U.S. investment in sanctioned spyware companies like NSO Group,” Lee wrote in her letter to Commerce Secretary Howard Lutnick, which CyberScoop is first reporting.

NSO Group’s new executive chairman, David Friedman, is a former Trump ambassador to Israel and was his bankruptcy attorney. He said in November that he expects the administration will be “receptive” to using NSO Group tech.

“Given those close ties between NSO Group and the Trump Administration, and the serious concerns about how NSO’s technology could be used to spy on Americans, we write to request information regarding the purchase of NSO Group by an American company and the potential usage of NSO Group spyware by federal law enforcement,” wrote Lee, who sits on the Oversight and Government Reform panel and is the top Democrat on its Federal Law Enforcement Subcommittee.

Lee was one of the authors of a recent Democratic letter seeking confirmation of ICE’s use of Paragon’s Graphite, which ICE acknowledged. But the authors, in addition to being outraged, criticized the administration for not answering all their questions.

In her latest letter, Lee asked the Commerce Department to brief Oversight and Government Reform Committee staff about internal department deliberations, Commerce communication with the White House and any outside conversations — including with Friedman — about government use of NSO Group technology or any other commercial spyware, and American investment in NSO.

NSO Group “appears to view the Trump administration as friendly to its interests in the United States, pitching itself as a vital tool for the U.S. government to safeguard national security,” Lee wrote, citing company court filings that it “is reasonably foreseeable that a law enforcement or intelligence agency of the United States will use Pegasus.”

The Biden administration sanctions, and court losses in a case against Meta, represented setbacks for NSO Group’s ambitions. And prior to a U.S. investment firm’s purchase of a controlling stake last fall, the Commerce Department under Trump rebuffed efforts to remove NSO Group from its sanctions list.

But the tens of millions of dollars’ worth of investment, following news that Israel had used Pegasus to track people kidnapped or murdered by Hamas, was a boon.

NSO Group maintains that its products are designed only to help law enforcement and intelligence fight terrorism and crime, and that it vets its customers in advance as well as investigates misuse. News accounts and other investigations have turned up a multitude of abuses.

There have been scattered reports of U.S. flirtation with using NSO Group technology. The FBI acknowledged it had bought a Pegasus license, but stopped short of deploying it. The Times of London reported that “it is believed” the Central Intelligence Agency used Pegasus spyware as part of a rescue mission last month for a U.S. airman downed in Iran.

The post One House Democrat is pressing Commerce on the government’s spyware use appeared first on CyberScoop.

WhatsApp releases account feature that looks to combat spyware

WhatsApp unveiled a lockdown-style feature on Tuesday similar to those offered by other tech providers aimed at blocking sophisticated cyberattacks, with spyware in mind.

The “Strict Account Settings” feature will roll out in the coming weeks and once enabled, will allow users to limit features in certain ways, such as blocking attachments and media from others not in a user’s contact list.

“We will always defend that right to privacy for everyone, starting with default end-to-end encryption,” WhatsApp said in a blog post. “But we also know that a few of our users — like journalists or public-facing figures — may need extreme safeguards against rare and highly-sophisticated cyber attacks.”

WhatsApp has been fighting a legal battle against NSO Group stemming from the 2019 installation of the company’s Pegasus spyware on an estimated 1,400 WhatsApp users. Meta, WhatsApp’s parent company, has scored some wins in that court fight.

The WhatsApp feature “sounds like an excellent addition” to features like Apple’s Lockdown Mode and Memory Integrity Enforcement, as well as Google’s Advanced Protection, said Natalia Krapiva, senior tech legal counsel at the digital civil rights group Access Now.

“It is encouraging to see more companies enabling advanced security features to protect high risk users from spyware,” Krapiva said. “While litigation is an essential tool in combating spyware, due to the high costs and jurisdictional hurdles, it may not be accessible to most victims.

“Introducing measures like this that are free and do not require advanced technical knowledge could help stop spyware harms and prevent them from happening in the future for millions of users, especially journalists, activists, and human rights defenders,” she said.

Users can enable the feature by going to Settings > Privacy > Advanced.

The post WhatsApp releases account feature that looks to combat spyware appeared first on CyberScoop.

NSO Group argues WhatsApp injunction threatens existence, future U.S. government work

NSO Group argued in a court filing this week that the court should pause the permanent injunction preventing it from targeting WhatsApp with its spyware while the company appeals the decision. According to the company, enforcing the injunction would cause irreparable harm to its business and prevent the U.S. government from using its products.

Those were just two of the arguments NSO Group employed in its motion to stay on Wednesday. The second argument coincides with the vendor’s recent decision to tap an ex-U.S. envoy to Israel from the first Trump administration as its executive chairman, and its confirmation of U.S. investors purchasing the company.

NSO Group repeated its claim that the Northern District Court of California’s decisions could effectively shut down the company, which makes Pegasus spyware. “NSO will suffer irreparable, potentially existential injuries if the injunction is not stayed,” it says.

But the company dived further into its reasoning. The injunction, it argues, requires the defendants to destroy code that accesses or uses the WhatsApp platform.

“The deletion and destruction of computer code and technologies cannot be undone or remedied by money damages — once these are gone, they are gone,” the NSO Group motion contends. “And the injunction prohibits NSO from engaging in entirely lawful conduct to develop, license, and sell products used in authorized government investigations — a prohibition that would devastate NSO’s business and could well force it out of business entirely.”

In the meantime, NSO Group’s competitors would have no such restrictions, the motion states. And, it says, the injunction “apparently bans NSO from selling or maintaining any technology to collect information from user devices if the target information comes from WhatsApp — even if the collection method never touches WhatsApp servers.” The effect would be to halt any NSO Group business during its appeal, the company argues.

NSO Group also maintains that the injunction goes against one of the pertinent laws in the case, the main federal anti-hacking statute: the Computer Fraud and Abuse Act.

The law “expressly excepts from the CFAA’s prohibitions ‘any lawfully authorized investigative, protective, or intelligence activity of a law enforcement agency of the United States . . . or of an intelligence agency of the United States,’” the motion states.

A stay is in the public interest because of Pegasus’ use in combating crime and terrorism, the company added.

“Because the Court refused to carve U.S. law-enforcement operations out of the permanent injunction, that injunction would prevent the FBI (or any other U.S. or state law enforcement or intelligence agency) from entering into another such license for any existing version of Pegasus,” the motion reads. “Regardless of whether the FBI or any other U.S. government agency has made direct, operational use of the system in the past, allowing the injunction to go into effect would thus deprive U.S. law enforcement of the ability to use the system in the future.”

The FBI once purchased a license for Pegasus and reportedly flirted with deeper involvement with NSO Group.

The second Trump administration earlier rebuffed an attempt by NSO Group to get the company removed from a Commerce Department trade blacklist. That decision came before the company’s recent U.S.-flavored moves, however.

The post NSO Group argues WhatsApp injunction threatens existence, future U.S. government work appeared first on CyberScoop.

New Landfall spyware apparently targeting Samsung phones in Middle East

A new commercial-grade spyware has apparently been targeting Samsung Galaxy phones in the Middle East, but it’s not clear who’s behind it, researchers said in a blog post Friday.

Whoever’s responsible, they seized upon a previously unknown, unpatched vulnerability known as a zero-day — a flaw Samsung has since closed, the researchers from Palo Alto Networks’ Unit 42 said.

The company dubbed the spyware “Landfall.” The research indicates potential targets in Iran, Iraq, Morocco and Turkey, the blog post states. It’s a campaign that has been underway since at least the middle of 2024, pointing to the spyware’s ability to remain hidden.

Landfall is embedded in malicious DNG image files that seem to have been sent via WhatsApp, although there is no indication of any new vulnerability with that messaging platform. WhatsApp has been fighting spyware on another front, in a ground-breaking legal battle against leading spyware vendor NSO Group.

It doesn’t appear to require any interaction with victims, a kind of exploit called “zero-click.” Once it infects a phone, Landfall has the kind of sweeping surveillance capabilities found in spyware sold by industry vendors, capable of activating microphone recording or collecting photos and contacts.

“We believe the focus on Samsung Galaxy devices stems from the attackers exploiting a Samsung-specific image-processing zero-day, so the tooling was built for that environment,” Itay Cohen, senior principal researcher at Unit 42 told CyberScoop in an emailed comment. “That said, we think we’re only seeing part of the activity. This isn’t isolated — this campaign delivering LANDFALL appears to be part of a broader DNG exploitation wave that also hit iPhone devices via a different zero-day. It’s also possible that other mobile vendors were targeted using undiscovered vulnerabilities to deliver the same or similar implants.”

The spyware specifically targets S22, S23, S24 and Fold/Flip Samsung devices.

There are some potential clues as to who might be involved, but all of them are inconclusive, Palo Alto Networks said.

Landfall’s command and control infrastructure and domain registration patterns share similarities with a group known as Stealth Falcon, which has suspected links to the United Arab Emirates government.

“As of October 2025, except in infrastructure, we have not observed direct overlaps between the mobile campaigns of LANDFALL and the endpoint-based activity from Stealth Falcon, nor direct strong links with Stealth Falcon,” Palo Alto Networks wrote. “However, the similarities are worth discussion.”

Samsung did not immediately respond to a request for comment.

The post New Landfall spyware apparently targeting Samsung phones in Middle East appeared first on CyberScoop.