A second journalist was hacked with Paragon spyware, The Citizen Lab confirms

Not one, but two European journalists have become the victims of a targeted spyware attack that was made possible by Israeli surveillance tech firm Paragon.

On April 29, 2025, Apple notified a select group of iOS users that they were targeted with advanced spyware. Among them were two prominent journalists.

Digital rights group The Citizen Lab published a new report on Thursday, confirming that the devices of the journalists were infected with Paragon’s Graphite spyware. This happened somewhere between January and February 2025, when their devices were running iOS 18.2.1.

“We attribute the compromise to Graphite with high confidence because logs on the device indicated that it made a series of requests to a server that, during the same time period, matched our published Fingerprint P1. We linked this fingerprint to Paragon’s Graphite spyware with high confidence,” The Citizen Lab’s report reads.

The threat actor used a zero-click vulnerability in Apple’s iMessage app known as CVE-2025-43200 to infect a victim's device. This bug was fixed in iOS 18.3.1.

One of the victims is Ciro Pellegrino, an Italian investigative journalist who wrote several high-profile pieces for the news outlet Fanpage. His editor-in-chief Francesco Cancellato disclosed earlier that he had been targeted by an unknown attacker.

According to Reuters, Pellegrino published a series of critical stories about Giorgia Meloni’s government, including an exposé that Fanpage journalists were put under surveillance.

In a text message with the press agency, Pellegrino said the discovery that he had been targeted with spyware was ‘horrible.’ The journalist mentioned that his phone was “the black box of my life, which contains everything from personal and health data to journalistic sources.”

Last week, COPASIR, the Italian government’s parliamentary committee overseeing Italy’s intelligence services, published a report about their inquiry into the use of Paragon’s spyware Graphite in Italy. The report acknowledged that the Italian government had used Graphite against multiple individuals, but didn’t mention Pellegrino or Cancellato.

On June 9, Paragon offered to assist the Italian government in its investigation into the case of Cancellato. According to Italian news outlets, this offer was rejected by the Italian government because of national security concerns. The contract between Meloni’s government and the Israeli surveillance firm was terminated the same day.

“The lack of accountability available to these spyware targets highlights the extent to which journalists in Europe continue to be subjected to this highly invasive digital threat, and underlines the dangers of spyware proliferation and abuse,” The Citizen Lab concludes.