HomeIntelligenceBrief
BREACH BRIEF🟠 High Breach

Pegasus Spyware Infected EU Lawmaker Investigating the Tool, Citizen Lab Confirms

Citizen Lab verified that former EU MEP Stelios Kouloglou was infected three times with Pegasus spyware while serving on the committee investigating the same tool. The breach demonstrates the audit‑level need for robust access‑control monitoring and evidence collection.

LiveThreat™ Intelligence · 📅 July 04, 2026· 📰 securityaffairs.com
🟠
Severity
High
BR
Type
Breach
🎯
Confidence
High
🏢
Affected
1 sector(s)
Actions
3 recommended
📰
Source
securityaffairs.com

Pegasus Spyware Infected EU Lawmaker Investigating the Tool, Citizen Lab Confirms

What Happened — Citizen Lab’s forensic analysis shows that former EU Member of the European Parliament Stelios Kouloglou was infected three times with NSO Group’s Pegasus spyware while serving on the EU “PEGA” committee that was tasked with investigating Pegasus abuses. The first infection (Oct 21 2022) used the zero‑click PWNYOURHOME exploit against Apple HomeKit; two later infections (Mar 6‑7 2023) occurred during the committee’s final drafting phase.

Why It Matters for Compliance & Audit Readiness

  • The incident illustrates how a sophisticated zero‑click exploit can bypass traditional user‑awareness controls, underscoring the need for SOC 2‑aligned Access Controls that include device‑level hardening and continuous monitoring.
  • Evidence of unauthorized access to confidential committee documents creates a clear audit trail requirement: organizations must be able to prove who accessed what, when, and how—exactly the kind of evidence SOC 2 audits demand.

Who Is Affected — Government & public‑sector bodies, elected officials, and any organization handling highly sensitive policy or intelligence data.

Recommended Actions

  • Map the incident to SOC 2 CC6.1 (Logical Access) and CC7.1 (System Operations) controls; verify that mobile device management (MDM) policies enforce up‑to‑date OS patches and block zero‑day exploits.
  • Implement continuous endpoint telemetry and immutable logging to capture anomalous process activity for forensic readiness.
  • Review and strengthen incident‑response playbooks for zero‑click exploits, including rapid containment and mandatory breach notification procedures.

Source: Security Affairs

Technical Notes — The PWNYOURHOME exploit leveraged a crafted NSKeyedArchive delivered to Apple HomeKit, requiring no user interaction. The victim’s device ran iOS 15.5, an OS version already out‑of‑support. No Apple security updates were applied, allowing the zero‑click chain to execute Pegasus’s surveillance payload. Source: same as above

📰 Original Source
https://securityaffairs.com/194728/malware/pegasus-used-against-mep-investigating-pegasus-citizen-lab-finds.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Could you prove your access controls held up here?

Credential and access failures map directly to SOC 2 access-control criteria. The Verisq AI Trust Operations platform shows where your evidence is thin before an auditor — or an attacker — finds out.

Explore the Verisq AI Trust Operations platform →