Stelios Kouloglou, who previously served on the European Parliament's committee investigating commercial spyware, had his phone infected twice with Pegasus spyware, according to researchers from Citizen Lab.

Researchers at Citizen Lab identified two separate infections of Pegasus on Kouloglou's device during his tenure on the PEGA committee—a panel explicitly named after the controversial spyware. The infections targeting a member of a body probing spyware abuse underscore the high stakes and reach of NSO Group's surveillance tool.

Pegasus spyware is known for its ability to remotely compromise mobile devices, accessing messages, calls, and data without user interaction. While technical specifics of the infections against Kouloglou remain limited, the attacks highlight the persistent targeting of oversight figures.

Citizen Lab has not disclosed a timeline for the infections or whether any data was exfiltrated. No patches or mitigations have been announced specific to these incidents, but NSO Group has previously disputed claims about the scope of Pegasus operations.

The targeting of a committee member raises questions about the security of parliamentary investigations into sensitive technologies. Critics argue it also illustrates the need for robust protections for officials probing powerful surveillance tools.