Paragon Spyware used to Spy on European Journalists

June 13, 2025 invoker category_news

Security Update News

Update Information

Title Paragon Spyware used to Spy on European Journalists
Update ID SCHNEIER:7E776C0B8DB0F77E9C2C2ED4EE18BF9F
Type schneier
Published 2025-06-13T10:17:42
Last Updated 2025-06-13T09:04:40

Security Impact

CVSS Score 0.0
Severity NONE
Attack Vector

Affected CVEs

  • CVE-2025-43200

Update Details

Paragon is a Israeli spyware company, increasingly in the news (now that NSO Group seems to be waning). “Graphite” is the name of their product. Citizen Lab caught them spying on multiple European journalists with a zero-click iOS exploit:

> On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists that consented for the technical analysis of their cases. The key findings from our forensic analysis of their devices are summarized below:
>
> * Our analysis finds forensic evidence confirming with high confidence that both a prominent European journalist (who requests anonymity), and Italian journalist Ciro Pellegrino, were targeted with Paragon’s Graphite mercenary spyware.
> * We identify an indicator linking both cases to the same Paragon operator.
> * Apple confirms to us that the zero-click attack deployed in these cases was mitigated as of iOS 18.3.1 and has assigned the vulnerability CVE-2025-43200.

>
> Our analysis is ongoing.

The list of confirmed Italian cases is in the report’s appendix. Italy has recently admitted to using the spyware.

TecCrunch article.

View Advisory Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.