In what may be the most on-the-nose story of 2026, a former European Parliament member who was actively investigating illegal surveillance found himself on the receiving end of - you guessed it - illegal surveillance. According to a report cited by Al Jazeera, Greek ex-parliamentarian Stelios Kouloglou was targeted with Pegasus spyware, the notorious Israeli-made hacking tool developed by NSO Group.
The fox is in the henhouse, and the henhouse is a phone
The finding comes from an analysis by Citizen Lab, the University of Toronto-based research group that has become something of the world's foremost Pegasus-tracker. Citizen Lab has previously exposed Pegasus infections targeting journalists, activists, and heads of state across dozens of countries, so their methodology here carries significant weight.
Kouloglou, who served in the European Parliament, was involved in scrutinizing surveillance practices - the kind of work that apparently makes someone a very interesting target for the exact tools they are investigating. The precise timing and origin of the attack have not been fully disclosed in available reports, and it remains unclear which state or actor deployed the spyware against him.
What is Pegasus, and why does everyone keep freaking out about it?
For the uninitiated: Pegasus is a piece of military-grade spyware built by the Israeli firm NSO Group. Once installed on a smartphone - often without the target clicking anything at all, through so-called "zero-click" exploits - it can access messages, emails, calls, microphone, camera, and basically everything else on the device. NSO Group insists it only sells to vetted governments for legitimate law enforcement purposes. Critics, researchers, and a growing list of hacked politicians beg to differ.

The European Parliament has been on high alert regarding Pegasus since 2022, when reporting revealed the spyware had been used against multiple EU officials and journalists across member states including Hungary, Greece, and Spain. The so-called "PEGA committee" was established specifically to investigate these abuses.
The bigger picture
This latest revelation lands at a particularly awkward moment for European institutional trust. If the people tasked with investigating surveillance overreach are themselves being surveilled, it raises a pretty uncomfortable question: who exactly is watching the watchers?
As of the time of writing, no official attribution for the attack on Kouloglou has been confirmed. The case is expected to intensify calls from civil liberties groups and some EU legislators for stricter regulation - or an outright ban - on commercial spyware within the bloc.
Source: Al Jazeera, reporting on a Citizen Lab analysis published in July 2026.





