UK WARNS: 100 COUNTRIES HAVE PHONE-HACKING SPYWARE
SECURITY DESK■ 2 MIN READ
WED, APR 22, 2026■ AI-SUMMARIZED FROM 1 SOURCE BELOW
The UK's cybersecurity chief has warned that businesses and critical infrastructure are underestimating threats from spyware, as more governments gain access to powerful surveillance technology than ever before.
The UK government has raised alarms over the widespread proliferation of spyware capabilities among nation-states. According to the nation's cybersecurity leadership, approximately 100 countries now possess access to advanced surveillance tools capable of infiltrating mobile devices.
The warning comes as UK businesses and critical infrastructure operators are accused of failing to adequately assess the risks posed by such attacks. The cybersecurity chief emphasized that the threat level has intensified due to the increased number of governments holding access to these technologies.
Spyware of this caliber—often referred to as "lawful intercept" tools—can grant attackers comprehensive access to phone data including messages, calls, location data, and sensitive files. The technology has traditionally been associated with authoritarian regimes, but its proliferation across a larger number of states represents a notable shift in the threat landscape.
The warning suggests that organizations have not kept pace with the evolving security challenges. Critical infrastructure sectors, including energy, finance, and communications, are particularly vulnerable if they have not implemented robust defenses against sophisticated surveillance threats.
This disclosure aligns with growing international concern over commercial spyware products, such as NSO Group's Pegasus, which have been documented as being used by multiple governments for surveillance purposes. The UK's assertion that 100 countries possess similar capabilities indicates either wider distribution of existing tools or development of domestic alternatives.
The UK government has not provided specifics on which countries possess the technology or how it plans to address the vulnerability. However, the warning serves as a call for enhanced cybersecurity measures across both private and public sectors.
Organizations are being advised to strengthen their security posture against mobile device compromise, including deployment of advanced threat detection systems and employee security training.
■ SOURCES
► TechCrunch■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE
■ MORE FROM THE SECURITY DESK
The UK's GCHQ estimates approximately 100 nations have acquired sophisticated cyber intrusion tools like Pegasus, signaling that access to advanced hacking technology is becoming increasingly widespread.
JUST NOW— Security Desk
Cosmetics retailer Rituals has confirmed a data breach affecting its customer membership database. The company, which maintains records for 41 million customers, has not disclosed the exact number of individuals impacted.
JUST NOW— Security Desk
Ofcom has launched a formal investigation into Telegram after receiving evidence that the messaging platform is failing to prevent the sharing of child sexual abuse material (CSAM). The probe follows the Online Safety Act requirements for UK communications regulators.
JUST NOW— Industry Desk
A new npm supply chain attack is harvesting developer authentication credentials and automatically spreading through packages published from compromised accounts. The attack demonstrates a concerning escalation in threats targeting the Node.js ecosystem.
2H AGO— AI Desk