I just want to clear things up: this is the correct and latest trust store version, although the main Apple websites have yet to be updated. I am sure of this as I work with a large corporate and we validated with Apple directly on this point for audit.
For those involved with hacking attempts, the first thing to do is to DFU mode reset compromised Apple assets and then restore (not from backups). Reset your home router if ISP-provided, holding the pin reset for 120 seconds, which triggers a firmware refresh on most cable ISP-provided modems and routers; else ensure the latest firmware from the manufacturer. Note this will erase devices.
Set up any smart devices and potential devices that are easily compromised (non-branded bulbs etc.) on the guest WiFi network, which can be set up on most routers. This moves them away from the main network and reduces attack surface.
Run more advanced scanners on Windows, e.g. Norton Power Eraser and Kaspersky, which are well known for identifying malware based on behavior.
Run the iMazing spyware scanner on iOS devices.
Set up a DNS filter and add in threat intelligence feeds and malware checks via e.g. AdGuard DNS or NextDNS. This filters all traffic from onboarded devices.
Ensure MFA/two-factor on all services, including Apple services, where possible.
Run Apple privacy checkup; other providers such as Google offer the same.
Log in to the security section of services, e.g. Apple and Microsoft, and log out unknown active sessions, or all sessions if unsure. Note you may need to log in again.
Update firmware, especially on Windows devices (also known as the BIOS).
Ask your ISP if they offer smart security or monitoring of your home network for malicious activity - a few do. One example in the UK: https://www.virginmedia.com/virgin-tv-edit/tips-and-tricks/smart-security
Change email passwords, remove active sessions, enable MFA.
Check Google, Apple, etc. for “app passwords”; these provide a login that bypasses normal passwords and MFA.
Check for MDM enrolment on all devices and, if active (& unexpected), contact Apple or whoever supplied the device with purchase history to validate ownership and work with them on removal. Do the same with the MDM operator. They’ll usually remove it, as it’s a crime and falls under stalking.
Turn on device encryption whenever you can.
Best of luck.