A newly disclosed forensic investigation has found that former European Parliament member Stelios Kouloglou, who served on the Parliament’s committee investigating abuses involving Pegasus spyware, had his own iPhone repeatedly compromised by the same surveillance tool while the committee was conducting its work. Researchers at Citizen Lab concluded the infections occurred during critical phases of the committee’s investigation into the use of commercial spyware across Europe, though they were unable to identify the government or entity responsible for the attacks. The findings have reignited concerns that sophisticated surveillance technologies intended for legitimate law enforcement purposes can instead be turned against journalists, lawmakers, and political oversight bodies themselves. The episode also raises broader questions about whether European institutions have adequately protected their officials from increasingly capable cyber-espionage tools and whether previous recommendations for stronger oversight and defensive capabilities have gone largely unimplemented.
Sources
- https://www.wired.com/story/eu-politicians-investigated-pegasus-spyware-then-it-ended-up-on-one-of-their-phones
- https://www.reuters.com/world/middle-east/researchers-say-eu-lawmaker-who-investigated-surveillance-was-hacked-by-israeli-2026-07-03
- https://www.theguardian.com/world/2026/jul/03/spyware-used-against-mep-investigating-pegasus-abuses-report-finds
Key Takeaways
- The lawmaker helping investigate alleged Pegasus spyware abuses was reportedly targeted by the same surveillance platform during the committee’s work, illustrating the reach and sophistication of modern commercial spyware.
- Investigators have not publicly identified the government or organization responsible for the intrusions, but researchers believe the attacks may have exposed confidential parliamentary communications during a sensitive investigation.
- The incident has renewed criticism that European institutions have failed to implement meaningful reforms and stronger cybersecurity measures despite years of warnings about the misuse of commercial surveillance technology.
In-Depth
The revelation that a member of the European Parliament’s committee investigating Pegasus spyware allegedly became a victim of Pegasus himself represents a remarkable failure of institutional security. According to forensic findings from Citizen Lab, former Greek lawmaker and journalist Stelios Kouloglou’s iPhone was compromised multiple times while he participated in the Parliament’s investigation into spyware abuses. The timing is especially troubling because the reported intrusions coincided with key hearings, deliberations, and drafting of recommendations concerning the very technology under scrutiny.
While researchers have not attributed the attacks to any specific government, the implications remain significant. If confidential committee communications were accessed, those responsible could have gained insight into investigative strategies, witness interviews, and internal deliberations. Such a possibility raises serious concerns about the integrity of democratic oversight and whether elected officials can effectively investigate sophisticated surveillance operations without becoming targets themselves.
The episode also underscores a broader reality that governments often hesitate to acknowledge: cyber capabilities developed for legitimate national security purposes can become powerful tools for political surveillance if meaningful oversight is absent. Regardless of political affiliation, lawmakers, journalists, and investigators must be able to perform their duties without fear that their private communications are being secretly monitored.
From a conservative perspective, this incident reinforces an enduring principle that concentrated power requires equally strong accountability. Governments have legitimate responsibilities to combat terrorism and organized crime, but those powers must be accompanied by transparent legal safeguards and meaningful oversight. When surveillance capabilities are perceived as extending into the political sphere, public confidence in democratic institutions inevitably suffers.
Perhaps most concerning is that many recommendations produced by the parliamentary investigation reportedly remain unimplemented. As commercial spyware continues to evolve and become more sophisticated, policymakers face increasing pressure to strengthen cybersecurity, improve accountability, and ensure that technologies intended to protect free societies are not instead used to undermine the institutions they are meant to defend.

