Particle.news
Download on the App Store
10 ARTICLES
·
3mo ago

Citizen Lab Finds Paragon Graphite Spyware Infected Two Journalists

Apple’s February iOS 18.3.1 patch closed the zero-click vulnerability researchers say enabled Paragon’s Graphite spyware attacks.

Italian investigative journalist Ciro Pellegrino poses for a picture at the offices of the online newspaper Fanpage.it, in Naples, Italy, June 11, 2025. REUTERS/Matteo Ciambelli
FILE - Giorgia Meloni attends a debate at the Senate in Rome, Oct. 26, 2022. (AP Photo/Andrew Medichini, file)
Italian investigative journalist Ciro Pellegrino shows his phone screen displaying a threat notification from Apple warning of a mercenary spyware attack, in Naples, Italy, June 11, 2025. REUTERS/Matteo Ciambelli
The malware alert appears on the screen of a smartphone in Reno, United States, on December 2, 2024. (Photo by Jaque Silva/NurPhoto via Getty Images)

Overview

  • Forensic analysis by Citizen Lab confirmed that Italian journalist Ciro Pellegrino and an unnamed European reporter had their iPhones infected via a stealthy iMessage zero-click exploit.
  • WhatsApp alerted about 90 users globally in January to potential Graphite targeting, but this is the first proof tying the spyware to confirmed infections on journalists’ devices.
  • Apple’s iOS 18.3.1 update, released February 10, addressed CVE-2025-43200, the logic flaw in iMessage that powered the zero-click attack.
  • Italy’s parliamentary committee COPASIR initially reported no evidence of journalist surveillance; the government later terminated its contract with Paragon Solutions in response to the revelations.
  • Human rights advocates warn that deploying Graphite spyware against journalists and activists threatens privacy, freedom of expression and democratic accountability.