Italy Confirmed Spyware on a Journalist's Phone—After Denying It for a Year

The Government Said It Did Not Happen

For more than a year, Italian authorities denied that journalists had been deliberately targeted with commercial spyware. A parliamentary committee investigated in 2025, concluded that intelligence services had legally surveilled migrant rights activists, and dismissed claims that reporters had been compromised.

On March 5, 2026, Italian prosecutors contradicted all of that. They confirmed that Francesco Cancellato, the editor in chief of Fanpage—Italy's most read online news outlet—was hacked with Paragon Solutions' Graphite spyware. The hack was part of a single coordinated operation on December 14, 2024, that also targeted two migrant rights activists.

The Targets

The confirmed victims paint a clear picture of who was being watched:

• Francesco Cancellato — Editor in chief of Fanpage, which had published an undercover investigation exposing fascist imagery within Prime Minister Meloni's youth political organization.
• Ciro Pellegrino — Head of Fanpage's Naples newsroom, confirmed targeted with "high confidence" by Citizen Lab after Apple notified him of "advanced mercenary spyware" on his device.
• Luca Casarini and Giuseppe Caccia — Founders of Mediterranea Saving Humans, a migrant rescue organization.
• David Yambio — Founder of Refugees in Libya, an advocacy group.

Citizen Lab noted that the clustering of Fanpage journalists "suggests an effort to target this news organization" specifically.

A Year of Denials

The timeline of official denials makes the prosecutorial confirmation even more damaging. WhatsApp first notified approximately 90 people—including journalists and civil society members across more than a dozen European countries—in January 2025 that they had been targeted with Paragon spyware.

Italy's parliamentary oversight committee (COPASIR) investigated but did not confirm Cancellato's infection and never investigated Pellegrino's case at all. The Italian intelligence chief insisted surveillance of activists was legal while explicitly denying journalists were deliberately targeted.

The March 2026 prosecutorial findings directly contradict that position. According to Haaretz, prosecutors determined that all three devices—the journalist's and both activists'—were compromised simultaneously on December 14, 2024, in what they characterized as "a single operation."

The Bigger Picture

Under Italian law, targeting journalists with spyware is illegal and cannot be justified even by security services, provided the journalist maintains official press registration. Pellegrino has been registered for 20 years.

The scandal has European dimensions. MEP Sandro Ruotolo called it "a European scandal, not an Italian one." The International Federation of Journalists and Amnesty International have called for a European Commission inquiry and strict implementation of the European Media Freedom Act.

Amnesty's Elina Castillo Jimenez was blunt: "When governments fail to respond adequately to credible allegations of surveillance abuse, they send a dangerous message that impunity is the norm."

What Happened to Paragon

Italy canceled its contracts with Paragon after the scandal broke. Paragon, now owned by American private equity firm AE Industrial, claims to operate under ethical guidelines and has said it will cooperate with the new investigation. Citizen Lab sent Paragon a summary of its findings in June 2025. As of publication, the company had not responded.

The case raises a fundamental question about commercial spyware: if the "ethical" alternative to Pegasus is being used to hack journalists who embarrassed a sitting government, what exactly does "ethical" mean in this industry?