“The Arab writer can be easily killed by their government under the pretext of ‘national security’"
-Turki al-Jasser in 2014, unwittingly predicting how he'd die in 2025.
He was just executed by Saudi Arabia, probably by beheading.
For his posts critical of the government.
He was reportedly tortured while in prison.
Story: 
He was reportedly tortured while in prison.
Story: the Guardian
A Saudi journalist tweeted against the government – and was executed for ‘high treason’
The death of Turki al-Jasser was the first high-profile killing of a journalist since the 2018 murder of Jamal Khashoggi
As a researcher working on targeted / 0click attacks (including a few that have been done over WhatsApp..) it's hard to see how this works without opening up a fat new attack surface to be probed.
I'm also worried about the ways that these advertising signals get used for tracking people in new parts of their digital lives.
And it bugs me that it's going to be really hard if not impossible to use WhatsApp in a privacy-first way.
What are your thoughts?
Writeup: 
Just kidding, they were fine.
I remember getting curious about this & chasing down homeopaths responses.
My favorite went like: 'well of course they survived! They took to much! If they'd only taken less... it could have been really dangerous'
Pic: 
This is not something I was tracking.
Source: 
BACKGROUND
Back in April, #Apple sent out a threat notification to a select group of users. Some got in touch with us to get analyzed.
WHAT WE FOUND
They'd been targeted with a sophisticated zero-click attack (think: no click, no attachment to open, no mistake needed...).
While my brilliant colleague Bill Marczak was working on the phone of a prominent European journalist, he made a smoking gun discovery:
Requests to server matching our P1 fingerprint for #Paragon's graphite.
Paragon's 'undetectable' Apple spyware had just been found... Just as we'd found their Android spyware some months ago.
The prominent European journalist had another spicy indicator on their iPhone logs:
An iMessage account belonging to a particular #Paragon customer...used to deploy this zero-click attack.
We call this account ATTACKER1. We'd find them again in short order...
Earlier this year we uncovered #Paragon's Android spyware after #WhatsApp notified a group of users they'd been targeted with Paragon.
One of the notification recipients? Journalist Francesco Cancellato
His outlet 
Then, in April, his colleague Ciro Pellegrino also gets a notification.
His is from Apple (Cannot overstate how helpful these notifications are)
We analyze Ciro's iPhone & forensically confirm he's a Paragon target.
And we find the ATTACKER1 iMessage account again!
ITALIAN DRAMA
This week #Paragon and #Italy have been locking horns over the case of Francesco Cancellato. Paragon doesn't want to be stuck w/unexplained abuses against journalists.
I think Paragon likely want to be able put to it on a customer & wash hands...
But when your customer is a government... they clap back. So Italy has been threatening to declassify things like Paragon's testimony to their intelligence oversight committee. Spicy.
BIG QUESTION
We're left with a big question: who's hacking European journalists with Paragon?
Who targeted Francesco & Ciro?
Right now they have no answers.
Bad look for Paragon. Bad look for Italy.
Curious what Paragon knows about that server...
BIG PICTURE
Paragon's marketing was the 'clean' & stealthy opposite of NSO Group.
Yet Paragon's Apple and Android tech got caught.
And they can't shake a spyware abuse scandal.
Conclusion: the problem isn't just a few bad apples, abuse is axiomatic.
And discovery is a matter of time.
APPLE USERS:
One bit of good news, Apple tells us that the zero-click attack deployed in these cases was mitigated as of iOS 18.3.1.
That's #CVE-2025-43200 for the curious.
Make sure to keep your iPhones up to date. And get in touch if you get one of these advanced threat notifications.
OUR FULL REPORT: 
That's enough friction to keep the knowledge from most of the globe.
Every time I encounter knowledge gatekeeping in a health related journal I wince.
I wonder if the American Journal of Psychiatry has considered the costs to the field, and our global mental health, of staying closed?
The thing is, I can personally read these articles thanks to my institutional affiliation.
But the momentary friction as I cross through the paywall reminds me that most people can't.
The article: 
Their website: 
Including severing Ledger founder David Balland's finger.
Authorities are probing possible links to additional cases.
This dynamic of remotely-masterminded attacks is terrifying. Nothing about these attacks requires super special skills, and the sheer ease of moving the assets once the wrench attack has happened is likely to attract more criminal groups.
I still think we're in the earliest days of these. Plenty of #OPSEC lessons and complexities to start thinking about here.
Also, almost certainly the case that post- #Coinbase breach we will see more of these attacks.
Read the news story: 
