Two European journalists have been targeted and hacked using government-grade spyware from Israeli tech provider Paragon, according to recent forensic analysis by digital rights organization The Citizen Lab.
The report, published Thursday, details a thorough investigation into compromised smartphones belonging to Italian journalist Ciro Pellegrino and another prominent European journalist, whose identity remains anonymous. Researchers concluded that the two journalists had been attacked by the same Paragon spyware operator, based upon digital evidence uncovered in their iPhones.
Previously, Pellegrino, who writes for the Italian news outlet Fanpage, was alerted by Apple in late April regarding a potential spyware attack, but the notification did not specify Paragon explicitly or provide confirmation of active infection. This new confirmation deepens concerns surrounding the use of spyware by European government entities, particularly by Italy, which has become the center of an ongoing surveillance controversy.
This revelation follows earlier alerts from WhatsApp, which notified approximately 90 users across Europe and other regions that they may have been targeted with Paragon’s “Graphite” spyware, including Pellegrino’s colleague Francesco Cancellato, the director of Fanpage, and several humanitarian workers involved in sea rescue missions for migrants.
Italy’s parliamentary oversight body, COPASIR, had recently published a report that did not identify surveillance of journalists, including Cancellato. However, The Citizen Lab’s findings now directly challenge COPASIR’s conclusions, bringing renewed intensity to the political fallout from the spying allegations.
Citizen Lab senior researcher John Scott-Railton stated that Italy must reconsider the issue amid significant forensic evidence and pressure for transparency. “Who has been hacking Italian journalists with Paragon spyware? This mystery needs an answer,” he said.
Speaking about the incident, Pellegrino expressed deep concern, stating he felt his civil liberties had been “trampled upon” by the surveillance intrusion. Pellegrino further questioned why Italian Prime Minister Giorgia Meloni, herself a former journalist, had remained silent on the issue and failed to voice any solidarity with targeted media professionals.
Pellegrino speculated he may have been targeted to gather intelligence on Fanpage’s investigative journalism, although he clarified he was not directly involved with the outlet’s earlier high-profile reporting on far-right elements associated with Meloni’s party.
Citizen Lab additionally examined an unnamed European journalist’s device, finding that it had been compromised using a sophisticated zero-click exploit delivered through iMessage, leaving no visible signs detectable to the user. This attack method, which does not require any victim interaction, is considered uniquely invasive and hard to detect. Apple has since indicated that the vulnerability exploited in this spyware attack was patched with its iOS 18.3.1 update, released earlier this year.
Paragon, facing increased scrutiny, previously announced it had cut ties with the Italian government, citing Italy’s refusal to fully investigate attacks on journalists using its spyware. The company reaffirmed its stance, stating no new comments would be forthcoming on these latest findings.
The Citizen Lab report also identifies two other confirmed victims of Paragon spyware—Luca Casarini and Beppe Caccia from the migrant-rescue NGO Mediterranea Saving Humans—who have been openly surveilled by Italian intelligence agencies. Additionally, other individuals involved in immigration activism have reported warnings of potential attacks, although full forensic confirmation for some targets remains elusive.
These recent confirmations escalate broader questions surrounding the European use of private spyware technology against journalists and activists and have refocused international attention on concerns of government overreach and violations of fundamental human rights.
