Since the original warning, Microsoft has released patches for multiple new vulnerabilities, including 120 flaws in May 2026 and 168 other vulnerabilities affecting SharePoint and other systems. Most critically, federal agencies (CISA) have now ordered government employees to patch a BlueHammer flaw that hackers are already actively exploiting as a zero-day (a previously unknown vulnerability being attacked before a fix exists). These developments show the threat landscape is actively evolving with new attack methods beyond the smartphone and messaging app risks initially reported.
Since the original warning, federal agencies have identified specific threat actors behind these attacks: Iranian cyber actors targeting U.S. networks and entities, Russian intelligence operatives focusing on messaging apps, and a group called Scattered Spider using evolving tactics to compromise systems. The FBI, CISA (Cybersecurity and Infrastructure Security Agency), NSA, and other federal partners have now issued coordinated public service announcements with detailed information about each threat group's methods and targets.
Your phone is becoming a prime target for hackers around the world. The FBI and CISA (a U.S. government cybersecurity agency) just issued urgent warnings about multiple hacking groups actively targeting Americans right now—through messaging apps, vulnerable networks, and social engineering attacks.
Who's being targeted? Anyone with a smartphone. But hackers are especially focused on government workers, business employees, and people at critical infrastructure companies like power plants and hospitals. One group called Scattered Spider uses a technique called social engineering (basically tricking people into handing over passwords) to break into company networks and install ransomware (a type of virus that locks your files until you pay money).
Russian intelligence agencies are specifically targeting messaging apps like WhatsApp, Telegram, and Signal to spy on conversations. Iranian hackers are exploiting unpatched software—think of patches like security updates your phone keeps asking you to install.
Here's what to do today:
First, update your phone immediately. Those annoying software updates? Install them. They close security holes hackers exploit.
Second, enable two-factor authentication (a second password or code beyond your main password) on everything important: email, banking apps, social media.
Third, stop clicking unknown links in texts or emails, even if they look official. Hackers impersonate banks and government agencies constantly.
Fourth, use strong, unique passwords—not your dog's name or birthday. A password manager app stores them safely for you.
Think of cybersecurity like locking your front door: one lock isn't enough, so you add a chain and a deadbolt. Each step makes you harder to target than the next person.
The bottom line: You can't stop hackers entirely, but following these four steps makes you a much less attractive target. Hackers go for easy prey.