Stelios Kouloglou, a former European Parliament member investigating spyware abuse across the EU, fell victim to Pegasus spyware while serving on the committee tasked with scrutinising such tools. Citizen Lab's forensic analysis confirmed multiple intrusions on his mobile device during his tenure.

Pegasus, developed by Israel-based NSO Group, represents one of the most invasive commercial surveillance platforms available. The spyware exploits zero-day vulnerabilities to gain complete device access, enabling attackers to harvest messages, calls, photos, and location data without user awareness or interaction.

Kouloglou's compromise carries serious implications. His parliamentary work directly targeted surveillance tool abuse, making him a high-value target for actors seeking to monitor his investigations or obstruct oversight activities. The targeting pattern suggests coordinated effort rather than opportunistic hacking.

NSO Group maintains that Pegasus licensing restricts use to law enforcement and government agencies investigating serious crime. The incident undermines this narrative. EU investigations into Pegasus deployment have previously documented abuse by multiple governments against journalists, human rights advocates, and political opposition figures. Countries including Poland, Spain, and Hungary faced scrutiny over alleged misuse.

The timing and targeting raise questions about who conducted the attacks. European authorities will likely examine whether EU member states used NSO's tools against their own parliament members, or whether external actors acquired Pegasus access through illicit channels.

For organisations and individuals, this case reinforces reality. Commercial spyware threats extend beyond traditional cybercriminals. Nation-states and law enforcement agencies actively deploy such tools. Mobile devices warrant continuous security reviews. Encrypted communication platforms offer partial protection but cannot fully mitigate zero-day exploitation.

The incident highlights a regulatory gap. EU entities investigating surveillance abuse remain vulnerable to the same tools they scrutinise. Robust endpoint detection, secure boot protocols, and compart