Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue

ID: b49b2667-565a-544b-b1d2-e0bb50e56ee2

STIX ID: report--b49b2667-565a-544b-b1d2-e0bb50e56ee2

Feed Name: Threat Intelligence

Threat Score: 85/100

Date Published: 2025-12-03

Date Updated: 2026-04-27

Author: Google Threat Intelligence Group

This report details Intellexa’s sophisticated multi-stage exploit and spyware campaign, which leverages V8/Chrome vulnerabilities (including CVE-2025-6554) and iOS kernel bugs (CVE-2023-41991, CVE-2023-41992) to achieve full device compromise. It describes the exploit chain (leak primitives, sandbox escape, helper/watcher modules), delivery methods (targeted one-time links and malicious ads), and detection avoidance techniques, along with shared IOCs and mitigation steps.
