Italian authorities confirmed that a journalist who was alerted by WhatsApp last year of a suspected spyware attack on his phone was indeed hacked. In a press release sent to journalists on Thursday, the public prosecutors’ offices in Rome and Naples, which are investigating the spyware scandal in the country, said that a technical report concluded that the phones of journalist Francesco Cancellato and of immigration activists Giuseppe Caccia and Luca Casarini all showed traces of having been infected with spyware in the early hours of December 14, 2024. The execution of three consecutive attacks on the same night suggests, according to the technical report, that they may have been part of the same infection campaign.

The full report, however, is not yet public. This marks the first independent confirmation that Cancellato, the director of the news website Fanpage, was hacked with spyware. In January 2025, Cancellato and about 90 other people, including journalists and members of civil society, received alerts from WhatsApp that they had been targeted with spyware made by Paragon Solutions, an Israeli-based company now owned by the American private equity firm AE Industrial.

Investigations and Ongoing Uncertainties

According to the press release, Italian judicial authorities inspected the Paragon spyware server used by the intelligence agency AISI to target victims’ phones. While evidence of operations against Caccia and Casarini was found, there was no evidence of an operation against Cancellato. This element leaves open the question of who actually hacked Cancellato’s phone.

By June 2025, the Italian Parliamentary Committee for the Security of the Republic (COPASIR) concluded that Italian intelligence agencies had lawfully targeted Caccia and Casarini, but the committee could not find any evidence of a hack against Cancellato. Meanwhile, the prosecutors’ offices have stated they will continue their investigation to identify the perpetrators behind the attack on Cancellato.

The Italian government, led by far-right prime minister Giorgia Meloni, has denied being behind the hack on Cancellato. When questioned in January, Meloni said her government was offering all its assistance to clarify the issue, but the government did not respond to TechCrunch’s request for further comment. Cancellato, in an article, expressed disappointment with the lack of clarity and accused the government of either remaining silent or failing to give truthful answers. John Scott-Railton, a Citizen Lab researcher, pointed out that these new findings raise serious questions about why prior official investigations did not confirm Cancellato’s hack. After the scandal broke, Paragon, the developer of the spyware known as Graphite, cancelled its contracts with Italian government customers.

Spyware Scandals Stretch Across Europe

Apart from Caccia, Casarini, and Cancellato, other individuals in Italy have been identified as spyware targets, including Ciro Pellegrino, who was alerted by Apple to a suspected iPhone attack last year. Later, Citizen Lab researchers confirmed that Pellegrino was hacked with Paragon spyware. The technical report from the prosecutors’ offices, however, stated that only Caccia, Casarini, and Cancellato’s devices showed evidence of infection, excluding Pellegrino and several other alleged victims. Pellegrino expressed his confusion, questioning the difference between Citizen Lab’s findings and those of the Italian prosecutors, and wondered why Apple would issue a warning if there were no grounds.

The prosecutor’s offices in Rome and Naples, as well as Polizia Postale and the companies involved, did not respond to requests for comment from TechCrunch. At the same time, Paragon, which held a contract with the U.S. Immigration and Customs Enforcement (ICE), and REDLattice, a company merged with Paragon after AE Industrial’s acquisition, declined to comment.

Italy is just the latest European country to become embroiled in a spyware scandal, following similar events in Greece, Hungary, Poland, and Spain. Notably, at the end of last month, a Greek court sentenced Tal Dilian and three other executives of the spyware maker Intellexa to eight years in prison for illegal wiretapping and privacy violations. This case, known as the “Greek Watergate” scandal, saw the Greek government accused in 2022 of hacking the phones of politicians, journalists, businesspeople, and military officials with Intellexa’s Predator spyware.

Tags: spiunazhi dixhital, spyware Paragon, përgjimi i gazetarëve, hetimet italiane, shkelja e privatësisë, skandalet e spyware në Europë