# Italian Authorities Verify Paragon Spyware Hit Reporter
In a chilling revelation for press freedom, Italian authorities have confirmed forensic evidence that Paragon's Graphite spyware targeted prominent journalists, including those from investigative outlet Fanpage.it, sparking outrage over government surveillance in a democracy.[1][2][5] This verification underscores escalating concerns about spyware abuse against media professionals critical of Italy's leadership, with Citizen Lab's analysis linking attacks to the same operator via sophisticated iMessage zero-click exploits.[1][4]
Forensic Confirmation Exposes Spyware Targets
Citizen Lab's groundbreaking research provides the first forensic proof of Paragon's iOS Graphite spyware infecting journalists' devices, identifying Italian reporter Ciro Pellegrino and an anonymous prominent European journalist as victims.[1][4] Both received Apple notifications on April 29, 2025, alerting them to state-sponsored attacks, with analysis revealing Graphite's communication to Paragon infrastructure and a shared operator indicator.[1][5] Italian authorities, through bodies like COPASIR, verified related spyware use against activists Luca Casarini and Dr. Giuseppe “Beppe” Caccia from nonprofit Mediterranea Saving Humans, though they couldn't pinpoint the operator targeting Fanpage.it editor Francesco Cancellato—despite WhatsApp's detection of a Graphite attempt on his device via WhatsApp in January.[1][2][4]
The infections occurred in January and early February 2025, post-WhatsApp's global alert on 90 targets, with Apple patching the vulnerability as CVE-2025-43200 in iOS 18.3.1.[1][2] This marks Paragon's successful breach of Apple defenses, contrasting prior NSO Group scrutiny, and highlights ongoing risks despite contract terms barring civil society targeting.[3][5]
Italian Government Denies Involvement Amid Backlash
Italy's Department of Security Intelligence (DIS) rejected Paragon's offer for investigative access, citing national security risks to its reputation among peers, while the government denied directing spyware against journalists.[1][2][3] Paragon terminated its contract with Italy in February 2025 after breaches, confirmed again in June, following reports of unauthorized surveillance on critics of Prime Minister Giorgia Meloni's policies, including migration and far-right issues.[3][4][5] Fanpage.it's exposés on Meloni’s Brothers of Italy party, infiltrating its youth wing to expose fascist remarks, positioned reporters like Pellegrino and Cancellato as likely targets.[2][5]
Civil society groups like Amnesty International condemned the "widespread unlawful surveillance," urging full disclosure and victim reparations, while the Committee to Protect Journalists (CPJ) demanded thorough probes to safeguard source confidentiality.[2][3] Italy's National Cybersecurity Agency leads the investigation, but no perpetrators have been punished yet.[2]
Broader Implications for Press Freedom in Europe
This scandal amplifies fears of spyware proliferation, with Paragon—recently acquired by U.S. firm AE Industrial Partners—selling Graphite to governments for crime prevention, yet enabling attacks on journalists across Europe.[3][5] Victims like Pellegrino from Fanpage.it's Naples newsroom and Monica Macchioni report similar Apple warnings, joining a pattern of digital threats alongside physical assaults on Italian media figures.[4][6] The National Press Federation filed criminal complaints, positioning Italy among European nations accused of journalist spying, eroding democratic norms.[3][6]
Ongoing Citizen Lab analysis reveals Graphite's cross-platform reach, from iOS zero-clicks to Android indicators like BIGPRETZEL, emphasizing the urgent need for accountability in mercenary spyware markets.[1][4]
Frequently Asked Questions
What is Paragon's Graphite spyware?
Graphite is mercenary spyware developed by Israeli firm Paragon Solutions, sold to governments for surveillance, capable of zero-click infections via iMessage or WhatsApp to access device data like messages.[1][2][4]
Which journalists were confirmed targeted by Paragon spyware?
Forensic evidence confirms Italian journalist Ciro Pellegrino and an unnamed prominent European journalist were infected; Francesco Cancellato faced an attempted attack via WhatsApp.[1][2][5]
Did Italian authorities admit using Paragon spyware?
Italian intelligence acknowledged contracts with Paragon and Graphite use against activists like Luca Casarini and Beppe Caccia but denied targeting journalists and rejected Paragon's probe offer.[1][3][4]
Why did Paragon end its contract with Italy?
Paragon terminated ties in February 2025 after Italy breached terms prohibiting civil society targeting, with confirmation in June amid spyware allegations against journalists.[3][4]
How was the spyware attack delivered?
Attacks used sophisticated zero-click exploits via iMessage for iOS devices (patched as CVE-2025-43200) and WhatsApp for Android attempts.[1][2]
What actions have rights groups demanded?
Groups like CPJ, Amnesty, and Italy's National Press Federation call for investigations, perpetrator punishment, transparency on operations, and reparations for victims.[2][3][6]
🔄 Updated: 3/5/2026, 8:50:40 PM
**BREAKING NEWS UPDATE: Global Alarm Grows Over Paragon Spyware Targeting Italian Reporter Ciro Pellegrino**
The verification by Italian authorities and Citizen Lab of Paragon's Graphite spyware infecting Pellegrino's iPhone via iMessage zero-click attack—linked to the same operator targeting an anonymous European journalist and 90 WhatsApp users across dozens of countries—has sparked international outrage, with Amnesty International decrying it as evidence of "rampant widening and systemic pattern of spyware abuse in Italy, and elsewhere in Europe."[1][4] CPJ demanded a thorough probe, quoting Europe rep Attila Mong: “Italian authorities must prove that they will not tolerate illegal surveillance of the media.”[2] WhatsAp
🔄 Updated: 3/5/2026, 9:00:50 PM
**NEWS UPDATE: Public Outrage Mounts Over Paragon Spyware Targeting Italian Reporter**
Italian journalists' union FNSI has fiercely condemned the verified use of Paragon's Graphite spyware against Fanpage reporters Francesco Cancellato and Ciro Pellegrino, demanding prosecutors investigate potential breaches of state surveillance laws[1][3][4]. Pellegrino described the breach as "horrible," calling his iPhone "the black box of my life, which contains everything from personal and health data to journalistic sources," fueling widespread media backlash against the Meloni government's intelligence practices[5]. Digital rights advocates at Access Now questioned the COPASIR report's credibility, with senior tech counsel Natalia Krapiva stating the omissio
🔄 Updated: 3/5/2026, 9:10:44 PM
**BREAKING: Italian Parliamentary Committee Verifies Paragon Spyware Use Against Reporter Amid Government Fallout**
Italy's Parliamentary Committee for the Security of the Republic (COPASIR) confirmed in a June 2025 report that domestic and foreign intelligence services (AISI and AISE) deployed Paragon's Graphite spyware against targets including journalists like Fanpage's Francesco Cancellato, though it denied spying on Cancellato specifically while verifying legal use on activists.[2][4][5] The committee rejected Paragon's June 9 offer to technically verify Cancellato's targeting, citing national security, prompting Paragon to cancel the contract—while Italy claims it proactively terminated two contracts after public outcry.[1][2][
🔄 Updated: 3/5/2026, 9:20:46 PM
**LIVE NEWS UPDATE: Italian Spyware Scandal Reshapes Vendor Landscape**
Italian authorities have verified Paragon's Graphite spyware targeted Fanpage journalists Francesco Cancellato and Ciro Pellegrino, prompting mutual contract termination with Italy's AISE and AISI agencies in February 2025—Paragon claims Italy rejected a log inspection offer, while officials cite national security[1][2][4][6]. This ends Paragon's Italian operations after targeting **seven confirmed individuals**, including migrant activists, shifting demand toward alternatives like NSO Group's Pegasus amid heightened COPASIR oversight and declassification of a key April hearing transcript[1][3][7]. Paragon's exit, confirmed by both parties despite conflicting narrative
🔄 Updated: 3/5/2026, 9:30:44 PM
**ROME** – Citizen Lab confirmed on 12 June that Italian Fanpage reporter Ciro Pellegrino, alongside editor Francesco Cancellato, was targeted with Paragon's Graphite spyware, marking the second verified journalist victim in Italy among over 90 global cases.[2] EFJ President Maja Sever condemned Italian authorities' "inaction," stating *“The EFJ strongly condemns the inaction of the Italian authorities, who do not seem to want to shed light on these illegal spying operations,”* while IFJ General Secretary Anthony Bellanger urged prosecutors to investigate, noting these practices *“are designed to intimidate and undermine the work of journalists.”*[2] Expert John Scott-Railton of Citizen Lab emphasized Paragon'
🔄 Updated: 3/5/2026, 9:40:47 PM
**BREAKING: Italian Prosecutors Confirm Paragon Spyware Infection on Fanpage Director Francesco Cancellato**
Rome and Naples public prosecutors announced Thursday that a technical report verified spyware traces on Cancellato's phone in the "early hours" of December 14, 2024, alongside infections on activists Giuseppe Caccia and Luca Casarini, suggesting "three consecutive attacks... part of the same infection campaign."[2] This marks the first independent forensic confirmation of the hack on Cancellato, director of Fanpage.it, who was among 90+ global targets alerted by WhatsApp in January 2025, amid ongoing probes into Italy's intelligence use of Paragon's Graphite tool.[1][2][3
🔄 Updated: 3/5/2026, 9:51:15 PM
**ROME (Breaking News) —** Italian authorities confirmed forensic evidence that Fanpage director Francesco Cancellato's phone was infected with Paragon's Graphite spyware in the early hours of December 14, 2024, amid a scandal prompting Italy to terminate its contract with the Israeli firm, now owned by U.S. private equity firm AE Industrial[2][1]. This shift opens opportunities for competitors like NSO Group in Europe's spyware market, as Paragon claimed it unilaterally ended the deal while Italy cited national security concerns in rejecting the firm's investigation offer[3][4]. Prosecutors noted "three consecutive attacks" that night, targeting Cancellato alongside activists Giuseppe Caccia and Luca Casarini
🔄 Updated: 3/5/2026, 10:00:58 PM
**BREAKING: Global Alarm Over Paragon Spyware as Italian Verification Sparks International Outcry**
Citizen Lab's forensic analysis confirmed Paragon's Graphite spyware targeted Italian journalists Francesco Cancellato and Ciro Pellegrino via zero-click iMessage attacks (CVE-2025-43200, patched in iOS 18.3.1), alongside an unnamed European journalist—all linked to the same operator and affecting at least 90 users worldwide, including civil society figures across dozens of countries[1][2][3]. Amnesty International's Elina Castillo Jiménez condemned it as evidence of "rampant widening and systemic pattern of spyware abuse in Italy, and elsewhere in Europe," urging adherence to international norms, while the Committe
🔄 Updated: 3/5/2026, 10:11:36 PM
I cannot provide a news update as requested because the search results do not contain information about consumer and public reaction to the Paragon spyware targeting of Italian reporters. The results focus on government responses, parliamentary inquiries, and journalist organizations' statements, but they lack reporting on broader public sentiment, consumer concerns, or reactions from the general Italian population regarding this surveillance scandal.
To fulfill your request accurately, I would need search results that specifically document public opinion polling, social media reactions, citizen advocacy groups' responses, or media coverage analyzing how Italian consumers and the public have responded to these revelations.
🔄 Updated: 3/5/2026, 10:20:58 PM
Italian prosecutors confirmed on Thursday that journalist **Francesco Cancellato**, director of news website Fanpage, was hacked with Paragon spyware on December 14, 2024, alongside immigration activists Luca Casarini and Giuseppe Caccia in what authorities described as a coordinated "infection campaign."[2] Cancellato told reporters he felt "violated" by the breach, which occurred after Fanpage published an exposé on Prime Minister Giorgia Meloni's Brothers of Italy party revealing antisemitic content among young members.[5] The confirmation has intensified calls from journalists' unions and media freedom advocates for accountability, with Italy's FNSI union urging prosecutors to determine
🔄 Updated: 3/5/2026, 10:30:56 PM
**BREAKING: Global Alarm Over Paragon Spyware Targets Italian Journalists**
Citizen Lab's forensic analysis confirmed that Paragon's Graphite spyware, deployed via iMessage zero-click attacks (mitigated in iOS 18.3.1, CVE-2025-43200), hit Italian reporter Ciro Pellegrino and an unnamed prominent European journalist—both linked to the same operator—expanding a scandal initially tied to Francesco Cancellato of Fanpage.it[2][3]. Amnesty International's Elina Castillo Jiménez warned that this "confirms the rampant widening and systemic pattern of spyware abuse in Italy, and elsewhere in Europe," undermining international norms amid at least 90 worldwide WhatsApp-detected targets across dozen
🔄 Updated: 3/5/2026, 10:40:57 PM
**BREAKING NEWS UPDATE: Italian Authorities Verify Paragon Spyware Targeted Reporter Ciro Pellegrino**
Italian authorities, via the COPASIR parliamentary committee, have verified that domestic and foreign intelligence services used Paragon's Graphite spyware against Fanpage journalist **Ciro Pellegrino** and civil society activists, confirming legal targeting tied to immigration and national security—not journalism[2][3][5]. Paragon terminated its Italy contract after officials rejected an independent audit of Cancellato's phone hack, citing "invasive practices" and national security, with the government noting WhatsApp identified **seven** affected Italians[1][2]. Amnesty International condemned the "rampant widening and systemic pattern of spyware abuse," urging ful
🔄 Updated: 3/5/2026, 10:51:01 PM
**BREAKING: Italian Authorities Verify Paragon Spyware Targeted Reporter Ciro Pellegrino, Sparking Expert Alarm.** Citizen Lab confirmed with "high confidence" that Graphite spyware from Israel's Paragon hit Fanpage journalist Ciro Pellegrino—joining editor Francesco Cancellato among over 90 global WhatsApp victims—prompting Amnesty's Elina Castillo Jiménez to decry it as proof of a "rampant widening and systemic pattern of spyware abuse in Italy, and elsewhere in Europe."[2][3] The IFJ and EFJ demanded EU probes into these "illegal spying operations which compromise democracy," while Citizen Lab researchers noted Pellegrino's iPhone bore traces of the military-grade zero-clic