Researchers Confirm Two Journalists Targeted by Paragon Spyware

Digital rights researchers have confirmed that two European journalists were targeted and hacked with Paragon spyware, a government-grade surveillance tool developed by the Israeli company Paragon Solutions.

The Citizen Lab released a forensic investigation revealing that Italian journalist Ciro Pellegrino and another prominent European journalist had their iPhones compromised by the same Paragon customer. This represents the first forensic evidence directly linking these infections to Paragon spyware.

Until now, although Apple had alerted Pellegrino to a mercenary spyware attack on his iPhone, it was not publicly confirmed that Paragon spyware specifically was involved. This confirmation deepens a broader spyware scandal, mainly linked to the Italian government's use of such surveillance technologies but with potential implications across Europe.

Months earlier, WhatsApp reported that roughly 90 users, including journalists across over two dozen countries, were targeted with Paragon's spyware, Graphite. At that time, journalists connected to Italian outlet Fanpage, including Pellegrino and his colleague Francesco Cancellato, were among those notified.

Recently, Italy's parliamentary intelligence oversight committee COPASIR stated it found no proof that Cancellato was spied on and acknowledged Italian intelligence agencies as Paragon customers. However, the Citizen Lab's findings challenge some of COPASIR’s conclusions by providing new forensic evidence of Pellegrino's infection.

John Scott-Railton of Citizen Lab emphasized the political sensitivity of the case, highlighting a pressing need for transparency about who has been conducting surveillance on Italian journalists using Paragon spyware.

New Forensic Evidence of Zero-Click Attacks

The investigation found that the unnamed European journalist and Pellegrino both received notifications from Apple about spyware attacks on the same day in late April 2025. Analysis of the European journalist’s iPhone uncovered Graphite spyware communicating with Paragon-affiliated servers.

The spyware was delivered using a sophisticated zero-click exploit through Apple's iMessage platform, meaning the attack required no interaction from the victim and was likely undetectable by them.

According to Apple, the vulnerability exploited in these attacks was patched in iOS 18.3.1, released in February 2025. Citizen Lab's research indicates that both journalists were targeted by the same Paragon operator due to shared artifacts in the compromised devices.

Other Known Victims and Ongoing Investigations

Besides these two journalists, two members of the Italian NGO Mediterranea Saving Humans, Luca Casarini and Beppe Caccia, were also confirmed as targets of Paragon spyware. COPASIR's report acknowledged surveillance of these individuals by Italian intelligence.

Other individuals have received notifications suggesting possible targeting, but definitive evidence linking them to Paragon or specific governments remains unavailable due to limited data and attempts to erase spyware traces.

Citizen Lab continues to analyze cases, including that of Francesco Cancellato, as more forensic information emerges.

DeepFounder AI Analysis

Why it matters

This exposure of government spyware targeting journalists underscores a significant challenge to privacy and press freedom in the digital era. For startups and founders, it signals a critical need for enhanced cybersecurity solutions that can protect individuals from increasingly sophisticated surveillance technologies. The tech ecosystem must adapt to defend against zero-click exploits that threaten data security.

Risks & opportunities

The rise of mercenary spyware presents risks such as increased digital surveillance, potential repression of free speech, and erosion of trust in communication platforms. Conversely, this environment creates opportunities for startups to develop advanced mobile security tools, threat detection systems, and privacy-enhancing technologies tailored for vulnerable groups like journalists and activists. The market for anti-surveillance solutions is expanding rapidly as awareness grows.

Startup idea or application

An innovative startup could build an AI-driven mobile security platform focused on real-time detection and automatic mitigation of zero-click and other stealth spyware attacks. By leveraging behavioral analytics and encrypted communication monitoring, this platform could notify users promptly about suspicious activity and recommend protective measures. Partnerships with media organizations and human rights groups could facilitate deployment where it’s most needed.

Cybersecurity Spyware Digital Rights Journalism Paragon Surveillance

Visit DeepFounder AI to learn how to start your own startup, validate your idea, and build it from scratch.

4DA Read more articles in our DeepFounder AI blog.