Threat Pegasus remains a topic of global concern. A new investigation by Citizen Lab and the Mexican Digital Rights Defense Network (R3D) reported on Tuesday that the renowned espionage program was employed in Mexico last year. It targeted Apple devices, breaching the security of iPhones and compromising the privacy of users who relied on the brand for daily communication and data security.
Forensic work conducted by the University of Toronto’s research lab alongside the Mexican NGO revealed that the Israeli company NSO Group deployed three new zero-click exploit chains. These attacks infected devices running earlier versions of iOS 15 and iOS 16 without any user interaction. The zero-click nature means a victim does not need to click a link, making the intrusion harder to detect and more dangerous because the compromise can occur invisibly.
Citizen Lab briefed Apple with the findings, prompting a swift response from the tech giant. Apple subsequently released mobile operating system updates designed to close the vulnerabilities and bolster security protections. The most recent iterations of these fixes rolled out between early and mid-April, reflecting ongoing, proactive security hardening by the company.
NEW REPORT The NSO Group’s Pegasus spyware ecosystem shows up again in 2022 with iOS 15 and iOS 16 zero-click exploit chains. The report indicates that NSO clients pursued vulnerabilities against civil society actors, including two human rights defenders in the United States, illustrating the broad reach and real-world impact of these tools. [Citation: Citizen Lab, 2023]
— Citizen Lab
Rape in Mexico
These breaches impacted two officials from the Prodh Center, a Mexican human rights organization. In 2017, Prodh was already under Pegasus surveillance, and the organization has since represented families connected to the 2014 Ayotzinapa case, a national scandal tied to the Peña Nieto administration. The implications of such surveillance extend far beyond individual privacy, raising questions about the safety of civil society and the protection of constitutional rights in volatile political climates.
Current insiders describe the latest breaches as the result of state-sponsored aggressors. While attribution remains uncertain, it appears that Pegasus has found fertile ground within several Mexican institutions. The investigation does not specify how many people may have been tracked through these methods, leaving a cloud of uncertainty over the scope of the intrusion.
What this new evidence demonstrates is the ongoing evolution of Pegasus as it adapts to modern security ecosystems. Last year, Citizen Lab also uncovered that the surveillance toolkit was used to monitor 63 individuals in the United States, including figures tied to the Catalan independence movement as well as high-ranking officials in Spain. The reach of these tools underscores the delicate balance between national security interests and civil liberties in a digital age where surveillance capabilities can outpace policy frameworks.
Mexico, along with several other nations, has become part of a broader pattern in which spyware is deployed to monitor journalists, opposition voices, and humanitarian advocates. A joint investigation by Citizen Lab and Microsoft highlighted additional instances of espionage against critical actors in the public sphere, reinforcing concerns about the accountability and oversight of powerful surveillance technologies. The evolving threat landscape calls for stronger regulatory norms, transparent procurement practices, and independent monitoring to preserve the safety and trust of digital ecosystems that people rely on daily.
As security researchers continue to document these cases, the emphasis remains on protecting users through robust software updates, vigilant device management, and international collaboration to deter illicit experimentation with spyware. The lessons extend beyond any single incident, pointing to a shared responsibility among policymakers, tech companies, and civil society to safeguard privacy, human rights, and democratic participation in an era of increasingly sophisticated digital intrusions. [Citation: Citizen Lab, 2023]