Zero-click exploits are highly sophisticated cyberattacks that compromise a device without any interaction from the user—no tapping, clicking, or opening anything. These attacks usually target flaws in apps that handle data in the background, like messaging or calling apps. Just receiving a malicious text, call, or file can be enough to trigger the exploit.
Because zero-clicks require no action from the victim, they’re extremely hard to detect and defend against. They’ve been used in high-profile surveillance campaigns, such as those involving Pegasus spyware, and typically rely on unknown or unpatched vulnerabilities in widely used software.