Light bulb Limited Spots Available: Secure Your Lifetime Subscription on Gumroad!

Mar 12, 2026 · 6 min read

Italy Confirmed Spyware on a Journalist's Phone—Nobody Knows Who Ordered It

Italian prosecutors found traces of Paragon's Graphite spyware on devices belonging to Fanpage journalists and immigration activists. The company canceled its Italian contracts. The mystery of who authorized the surveillance remains unsolved.

Journalist in a dimly lit newsroom examining their smartphone with concern

A WhatsApp Notification That Changed Everything

In January 2025, approximately 90 people across multiple countries received an unusual notification from WhatsApp: their devices had been targeted by commercial spyware. Among them was Francesco Cancellato, the editor in chief of Fanpage, one of Italy's most prominent investigative news outlets known for its reporting on corruption, organized crime, and far right political movements.

What followed was a months long investigation that would expose a sprawling surveillance scandal reaching into the upper levels of Italian government, and raise questions that still have no answers.

Prosecutors Confirm the Hack

In March 2026, Italian prosecutors in Rome and Naples confirmed what forensic researchers had suspected: Paragon Solutions' Graphite spyware had been found on devices belonging to Cancellato, immigration activists Giuseppe Caccia and Luca Casarini, and Ciro Pellegrino, head of the Naples newsroom at Fanpage.

The infections were traced to December 14, 2024. But the judicial findings came with an uncomfortable gap: while prosecutors found clear evidence of operations against the activists, they could not determine who authorized the surveillance against Cancellato. The operation against his device appeared to have been conducted through different channels than those used against the activists.

What Is Graphite?

Paragon Solutions is an Israeli spyware company that markets itself as the "ethical" alternative to NSO Group's Pegasus. Graphite, its flagship product, is designed to extract data from encrypted messaging applications like WhatsApp and Signal without requiring the target to click a link or open a file. The spyware exploits zero day vulnerabilities to gain access to a device's communications, location data, microphone, and camera.

Unlike Pegasus, which has been widely documented by Citizen Lab and other researchers, Graphite had largely avoided public scrutiny until this case. The Italy scandal represents the first forensic confirmation of Graphite's deployment against journalists, marking a significant moment in the commercial spyware industry.

The Political Fallout

The scandal quickly became a political crisis. Cancellato confronted Prime Minister Giorgia Meloni directly at a press conference held by Italy's National Council of the Order of Journalists, demanding answers about whether her government had authorized the surveillance. Meloni denied involvement, but the denials have been met with skepticism given that Paragon's contracts were with Italian government agencies.

Italy's National Federation of Journalists (FNSI) filed criminal complaints. The European Parliament scheduled a debate on the matter. The European Federation of Journalists and the International Federation of Journalists both condemned what they called the "inaction of the Italian authorities."

In June 2025, Paragon Solutions took the extraordinary step of canceling its contracts with all Italian government customers, citing violations of its licensing agreement and Israeli defense export regulations. The deal was reportedly worth tens of millions of dollars.

A Pattern Across Europe and Beyond

Italy is not an isolated case. A 2023 Carnegie Endowment report identified at least 74 governments that have purchased commercial spyware. In Europe alone, Pegasus was used against journalists in Hungary, Greece, Poland, and Spain. The Paragon case adds Italy to that list and introduces a new vendor to the landscape of state sponsored surveillance against the press.

What makes the Paragon scandal particularly concerning is the company's marketing as a responsible alternative. Paragon claimed to sell only to democratic governments with strong human rights records. The Italian case demonstrates how easily those guardrails can fail when oversight mechanisms are weak.

Why This Matters for Everyone

Commercial spyware is no longer a problem confined to authoritarian regimes. It is being deployed in European democracies against journalists investigating their own governments. The tools are becoming more sophisticated, harder to detect, and available to more buyers.

For journalists and activists, the implications are severe: encrypted messaging apps that were once considered secure can be compromised without any user action. For the broader public, the question is whether governments can be trusted to use surveillance tools only against legitimate threats when there are no meaningful accountability mechanisms in place.

The Italian investigation continues. Prosecutors are still trying to determine who authorized the operation against Cancellato and what intelligence was collected. Calls for an EU Commission of Inquiry into the commercial spyware industry are growing. But for the journalists whose phones were compromised, the damage to their sources, their communications, and their sense of security is already done.