Paragon is an Israeli surveillance firm, increasingly making headlines (especially as NSO Group appears to be declining). “Graphite” is the designation of their product. Citizen Lab discovered them monitoring various European journalists using a zero-click iOS vulnerability:
On April 29, 2025, a selected cohort of iOS users received alerts from Apple that they were targeted with sophisticated spyware. Among this cohort were two journalists who agreed to the technical examination of their situations. The principal conclusions from our forensic evaluation of their devices are outlined below:
- Our evaluation uncovers forensic evidence affirmatively indicating with high assurance that both a notable European journalist (who wishes to remain anonymous) and Italian journalist Ciro Pellegrino were subjected to Paragon’s Graphite mercenary spyware.
- We pinpoint an indicator connecting both instances to the identical Paragon operator.
- Apple has verified to us that the zero-click assault utilized in these instances was countered as of iOS 18.3.1 and has designated the vulnerability CVE-2025-43200.
Our assessment is ongoing.
The list of verified Italian cases is in the report’s appendix. Italy has recently acknowledged the use of this spyware.
TechCrunch report.