NSO Group's Pegasus is at it again. This time the victim was a politician who investigated spyware abuses. The irony is pretty obvious.
Reports from TechCrunch (July 2, 2026) say the phone of a politician who investigated spyware abuses was hacked using Pegasus. Pegasus is the spyware made by Israeli company NSO Group, which has been the subject of various investigations into government abuse worldwide.
This isn't the first time. Pegasus has previously been used to surveil journalists, activists, and opposition figures across multiple countries. Apple sued NSO Group. The United States blacklisted the company. But the software keeps operating and continues to be sold to government clients.
What's Interesting About This Case
There's a pattern that keeps repeating. The most dangerous people to authorities are those who investigate those authorities.
In this case, the politician who investigated spyware abuses got compromised using spyware. Technically this is deeply ironic. Politically it's not surprising at all.
Spyware like Pegasus doesn't need physical access to the device. It delivers an exploit through an unpatched security flaw (a zero-day), and the victim doesn't need to click anything. Once Pegasus is in, all communication on the device can be read, its location tracked, and the microphone and camera turned on without the owner's knowledge.
This is the level of intrusion we're talking about. Not interception. Full takeover.
Why This Keeps Happening
Pegasus keeps operating because demand is still there.
Governments in many countries still want this surveillance capability. The official reason is usually counter-terrorism or organized crime. But evidence from multiple investigations shows much wider use: surveilling journalists, activists, opposition politicians, even academics.
NSO Group provides a very specific service. They don't control how clients use the tools. They sell, clients use, done.
This is a highly profitable business model, and it is very hard to shut down because the activity sits in a legal gray area complicated by questions of international jurisdiction.
What Can Be Done
From the regular user's perspective:
Keeping devices updated routinely is the most basic step. Pegasus exploits zero-days, and prompt patching minimizes the exploitation window once a fix is available.
Lockdown Mode (available on iOS and some other platforms) can help reduce the attack surface, though it doesn't make a device truly immune.
Messaging apps with end-to-end encryption still matter because they protect communication content in transit across the network, though they don't prevent spyware on the device itself from reading messages before they are encrypted or after they are decrypted.
But be realistic here: no preventive measure can protect 100% against Pegasus if the adversary is motivated enough and has access to a zero-day exploit. Pegasus isn't your average malware. It's military-grade spyware sold to governments.
Beyond technical measures, what helps is awareness that this capability exists and is being used, and that digital privacy is never truly safe in the context of state-level threats.
Bigger Than This Case
This isn't just about one politician and one piece of spyware. It's about the surveillance-for-hire industry that keeps growing despite all the exposure and sanctions.
This is about the unanswered question: who watches over those who surveil?
The capacity to surveil at this level exists and keeps being refined. International regulation for spyware technology is still very weak. And as long as there's demand from governments, there will always be supply from companies like NSO Group.
What can be done at the policy level is tightening export controls, strengthening sanctions against companies that know about abuse, and increasing transparency about clients and usage.
But in the meantime, the people investigating this abuse remain the most vulnerable targets.
Source: TechCrunch (July 2, 2026) reporting on the phone compromise of a politician who investigated spyware abuses using NSO Group's Pegasus.



