Italian authorities have confirmed that a journalist who received a warning from WhatsApp last year about a suspected spyware attack on his phone was indeed hacked. In a press release issued on Thursday, public prosecutors’ offices in Rome and Naples stated that a technical report concluded the phones of journalist Francesco Cancellato, along with immigration activists Giuseppe Caccia and Luca Casarini, all showed traces of infection in the early hours of December 14, 2024. The report noted that three consecutive attacks on the same night suggest they may have been part of the same infection campaign. The full report is not yet public.
This marks the first independent confirmation that Cancellato, the director of the news website Fanpage, was hacked with spyware. In January 2025, Cancellato and around 90 other individuals, including journalists and civil society members, were alerted by WhatsApp that they had been targeted with spyware made by Paragon Solutions, an Israeli-based company now owned by American private equity firm AE Industrial.
According to the press release, Italian judicial authorities inspected the Paragon spyware server used by the intelligence agency AISI to target phones. While evidence of operations against Caccia and Casarini was found, no evidence of an operation against Cancellato was discovered. It remains unclear who hacked Cancellato’s phone.
By June 2025, an investigation by the Italian Parliamentary Committee for the Security of the Republic, known as COPASIR, concluded that Italian intelligence agencies had lawfully targeted Caccia and Casarini, but found no evidence of a hack against Cancellato. The prosecutors’ offices said they will continue investigating to identify Cancellato’s hackers.
The Italian government, led by far-right Prime Minister Giorgia Meloni, has denied being behind the hack on Cancellato. In response to a question during a press conference in January, Meloni stated only that her government is offering all possible assistance to help clarify the issue. The Italian government did not respond to a request for comment.
“We are asking for clarity,” Cancellato said in an article on Thursday. “And we have not received it from the government, which has remained silent whenever possible for a year. And when it didn’t remain silent, it told lies.”
John Scott-Railton, a researcher with Citizen Lab who investigated the Paragon cases in Italy, said the new revelation about Cancellato’s hack raises serious questions about why no confirmation was surfaced in prior official investigations by the Italian authorities.
In response to the scandal, Paragon, whose spyware is called Graphite, cancelled its contracts with its Italian government customers.
Apart from Caccia, Casarini, and Cancellato, several other people in Italy were identified as spyware targets, including Ciro Pellegrino, who also works at Fanpage and was alerted of a suspected attack on his iPhone by Apple last year. Citizen Lab researchers later concluded Pellegrino was hacked with Paragon spyware. However, the technical report cited by the prosecutor’s offices said it only found evidence of spyware on the phones of Caccia, Casarini, and Cancellato, not on Pellegrino or four other alleged victims.
“I’m pretty disconcerted,” Pellegrino told reporters. “How is it possible that Citizen Lab, an authority on spyware, found evidence that Paragon’s Graphite was on my phone, while the Italian prosecutors’ experts did not? And why would Apple send me the alerts? For fun?” The prosecutor’s offices in Rome and Naples did not respond to a request for comment. A spokesperson for the Polizia Postale, which is investigating the case, referred inquiries to the prosecutor’s offices.
Paragon, which as of last year had an active contract with the U.S. Immigration and Customs Enforcement, and REDLattice, a company that merged with the spyware maker after its acquisition by AE Industrial, did not respond to a request for comment.
Italy is the most recent European country to be embroiled in a spyware scandal in recent years, following similar cases in Greece, Hungary, Poland, and Spain. At the end of last month, a Greek court sentenced Tal Dilian and three other executives of the spyware maker Intellexa to eight years in prison for illegal wiretapping and privacy violations. This sentencing was part of the so-called “Greek Watergate” scandal, in which the Greek government was accused in 2022 of hacking the phones of politicians, journalists, businesspeople, and military officials with Intellexa’s Predator spyware.