Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Apple iOS 17 Scam Alerts Protect iPhone Users From Phishing
July 3, 2026
Former MEP Investigating Spyware Abuses Hacked With Pegasus
July 3, 2026
Critical WatchGuard Firebox OS Flaws Let Attackers Execute Code
July 3, 2026
Home/CyberSecurity News/Former MEP Investigating Spyware Abuses Hacked With Pegasus
CyberSecurity News

Former MEP Investigating Spyware Abuses Hacked With Pegasus

Key Takeaways Stelios Kouloglou, a former Member of the European Parliament (MEP) on the PEGA committee, was infected with NSO Group’s Pegasus spyware multiple times. This marks the first...

Jennifer sherman
Jennifer sherman
July 3, 2026 4 Min Read
3 0

Key Takeaways

  • Stelios Kouloglou, a former Member of the European Parliament (MEP) on the PEGA committee, was infected with NSO Group’s Pegasus spyware multiple times.
  • This marks the first public confirmation of a PEGA committee member being targeted while actively participating in the spyware inquiry.
  • The infections occurred during sensitive periods of the committee’s work, including report drafting and international delegations.
  • One infection used the PWNYOURHOME zero-click exploit, linked to a HomeKit-associated email address also seen in attacks on exiled journalists.

Former MEP Investigating Spyware Abuses Hacked With Pegasus

Stelios Kouloglou, a former Member of the European Parliament (MEP) who actively participated in the committee investigating the misuse of Pegasus spyware, was himself repeatedly compromised by NSO Group’s sophisticated surveillance tool. New forensic analysis conducted by the Citizen Lab revealed that Kouloglou’s devices were infected with Pegasus during his tenure on the committee.

Table Of Content

  • Key Takeaways
  • Former MEP Investigating Spyware Abuses Hacked With Pegasus
  • Infections Coincide with Critical Committee Work
  • Attribution and Broader Context
  • What You Should Do

This revelation marks a significant moment, as it is the first instance where a member of the European Parliament’s Committee of Inquiry into Pegasus and equivalent surveillance spyware (PEGA Committee) has been publicly identified as a victim of Pegasus while actively serving on the inquiry itself.

Infections Coincide with Critical Committee Work

Kouloglou served as a substitute member of the PEGA Committee from March 2022 to July 2023. After he reached out to Citizen Lab in May 2026, a forensic examination of his iPhone uncovered that his device had been compromised on multiple occasions, precisely during some of the committee’s most sensitive discussions and activities.

Specifically, Kouloglou’s device was infected with Pegasus on October 21, 2022, and again between March 6 and 7, 2023. The initial compromise utilized the PWNYOURHOME zero-click exploit. Evidence for this included a lookup for a HomeKit-linked email address ([email protected]), which was followed just two minutes later by Pegasus network activity.

Apple issued threat notifications to Kouloglou on three separate dates: March 2, 2023, August 29, 2023, and April 10, 2024. However, Kouloglou stated he did not recall seeing these alerts.

Both infection periods directly align with intense phases of the PEGA Committee’s work, encompassing preparations for hearings, the circulation of draft reports, and visits by international delegations.

The October 2022 infection occurred ten days prior to a PEGA delegation trip to Cyprus and Greece, a visit Kouloglou helped organize and personally attended. This timing also coincided with the committee’s initial report drafting, much of which was being discussed among members and staff via text and email.

Notably, the exact date of this first infection found Kouloglou hospitalized for elective surgery. On that same day, he received a visit from Greek investigative journalist Thanasis Koukakis, who had previously testified before the PEGA Committee about his own targeting with Intellexa’s Predator spyware.

Citizen Lab highlighted the potential implications of this hospital-based infection, noting that the spyware could have accessed confidential medical information, which might raise concerns regarding Greek data protection laws.

The second infection, in March 2023, took place while Kouloglou was in Brussels for the final negotiations on the committee’s report. This period also coincided with a separate PEGA-linked delegation visit to Greece by rapporteur Sophie in ‘t Veld.

Attribution and Broader Context

Citizen Lab stopped short of attributing the cyberattack to a specific government, explicitly stating that no evidence implicating the Greek government was found, nor any indication that Greece has ever been an NSO Group customer.

However, researchers identified a significant overlap: the same HomeKit-linked email address implicated in Kouloglou’s first infection also appeared in a 2024 joint report with Access Now. This report detailed Pegasus targeting of Russian and Belarusian-speaking exiled journalists and activists across Europe.

Kouloglou is not the first MEP confirmed to have been targeted by mercenary spyware. Catalan MEPs Diana Riba, Jordi Solé, and Carles Puigdemont were previously identified as Pegasus targets, and Greek MEP Nikos Androulakis was targeted with Predator spyware.

More recently, French MEP Nathalie Loiseau and German MEP Daniel Freund confirmed spyware targeting in 2024. Nevertheless, Kouloglou holds the distinction of being the first PEGA Committee member confirmed to have been compromised by spyware while actively involved in the very inquiry investigating such abuses.

What You Should Do

  • Regularly update your mobile operating system and applications to the latest versions.
  • Enable two-factor authentication (2FA) on all accounts, especially for email and cloud services.
  • Be wary of suspicious links or attachments, even from known contacts, as spear-phishing remains a common vector.
  • Consider using a reputable mobile threat defense (MTD) solution to detect and prevent advanced mobile attacks.
  • If you receive threat notifications from your device vendor (e.g., Apple), take them seriously and seek expert forensic analysis.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

ExploitThreat

Share Article

Jennifer sherman

Jennifer sherman

Jennifer is a cybersecurity news reporter covering data breaches, ransomware campaigns, and dark web markets. With a background in incident response, Jennifer provides unique insights into how organizations respond to cyber attacks and the evolving tactics of threat actors. Her reporting has covered major breaches affecting millions of users and has helped organizations understand emerging threats. Jennifer combines technical knowledge with investigative journalism to deliver in-depth coverage of cybersecurity incidents.

Previous Post

Critical WatchGuard Firebox OS Flaws Let Attackers Execute Code

Next Post

Apple iOS 17 Scam Alerts Protect iPhone Users From Phishing

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
AI Used in Ticketmaster Attack to Score Free Tickets
July 3, 2026
Anthropic Details Claude 3.5 Sonnet Safeguards and Jailbreak Framework
July 3, 2026
Google Disrupts NetNut Residential Proxy Botnet Exploiting 2 Million Devices
July 3, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
CyberSecurity News

Top 10 High-Risk Vulnerabilities Of 2025 that Exploited in the Wild

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us