🟠 High  |  Source: The Register — Security


A member of the European Parliament investigating spyware has had their phone infected with Pegasus, the notorious commercial surveillance tool developed by NSO Group. This comes as campaigners push the EU to act on long-stalled recommendations from the PEGA Committee, which concluded its inquiry into member state misuse of spyware in 2023. The incident underscores that even those scrutinising spyware are not immune, raising serious concerns about the security of EU institutional devices and political processes.

Security Architect’s Take: Review your organisation’s mobile device security posture — Pegasus exploits zero-click vulnerabilities that bypass conventional endpoint controls, so ensure high-risk individuals use hardened devices such as Apple Lockdown Mode or equivalent Android hardening profiles, and implement mobile threat defence (MTD) tooling capable of detecting anomalous process behaviour and unexpected network connections.

Original advisory: EU urged to act after Pegasus infects phone of spyware inquiry MEP