HomeIntelligenceBrief
BREACH BRIEF🟠 High Breach

European Lawmaker’s Smartphone Infected with Pegasus Spyware – Zero‑Click Exploit Used Twice

Citizen Lab verified that MEP Stelios Kouloglou’s iPhone was compromised by Pegasus spyware via the PWNYOURHOME zero‑click exploit in 2022 and 2023. The incident underscores the need for SOC 2‑aligned endpoint and access‑control evidence to demonstrate audit‑ready protection of high‑value data.

LiveThreat™ Intelligence · 📅 July 03, 2026· 📰 databreachtoday.com
🟠
Severity
High
BR
Type
Breach
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
3 recommended
📰
Source
databreachtoday.com

European Lawmaker’s Smartphone Infected with Pegasus Spyware – Zero‑Click Exploit Used Twice

What Happened — The Citizen Lab confirmed that the iPhone of MEP Stelios Kouloglou was infected with NSO Group’s Pegasus spyware on Oct 21 2022 and again in early Mar 2023. The attacks leveraged the zero‑click “PWNYOURHOME” exploit that abused HomeKit and MessagesBlastDoorService before Apple issued patches in iOS 16.1 and iOS 16.3.1.

Why It Matters for Compliance & Audit Readiness

  • A zero‑day, zero‑click compromise bypasses traditional credential‑based defenses, highlighting the need for SOC 2‑aligned access‑control policies that cover device‑level protections and continuous monitoring.
  • Demonstrates that audit evidence must include endpoint‑security controls (e.g., mobile‑device‑management logs, patch‑management records) to prove due diligence in protecting sensitive personal and governmental data.
  • Provides a real‑world case for the Security Awareness Training component of SOC 2, as targeted individuals often lack visibility into sophisticated, silent attacks.

Who Is Affected – Government & public‑sector officials, journalists, and any organization handling high‑value political or personal data.

Recommended Actions

  • Map mobile‑device‑management (MDM) and patch‑management processes to SOC 2 CC6.1 (Logical Access) and CC6.2 (System Operations).
  • Collect and retain MDM logs, iOS update records, and threat‑notification receipts as audit evidence.
  • Strengthen security‑awareness programs to include nation‑state threat briefings and zero‑click exploit detection.

Source: DataBreachToday

Technical Notes – The PWNYOURHOME exploit delivered a malicious NSKeyedArchive to HomeKit, then leveraged MessagesBlastDoorService. Apple mitigated HomeKit in iOS 16.3.1 (Feb 13 2023) and likely fixed MessagesBlastDoorService in iOS 16.1 (Oct 24 2022). No CVE was publicly assigned at the time of reporting.

Source: Citizen Lab report (2026)

📰 Original Source
https://www.databreachtoday.com/lawmaker-probing-pegasus-spyware-infected-using-same-malware-a-32153

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Could you prove your access controls held up here?

Credential and access failures map directly to SOC 2 access-control criteria. The Verisq AI Trust Operations platform shows where your evidence is thin before an auditor — or an attacker — finds out.

Explore the Verisq AI Trust Operations platform →