Protei
November 8, 2025
•[ data leak, hack, website defacement ]
Surveillance-technology and telecom systems provider Protei, founded in Russia and now headquartered in Jordan, was hacked by an unidentified actor who defaced its public website around November 8, 2025 and stole the contents of its web server, including about 182 GB of historical emails and files related to its deep packet inspection and lawful intercept products used by telecoms across dozens of countries.
Colombian Justice Minister Andres Idarraga
August 1, 2025
•[ spyware, Pegasus, surveillance ]
Colombias justice minister stated that forensic evidence indicates his phone was hacked using Israeli Pegasus spyware during the second half of 2025 while he was investigating alleged corruption in the military. He alleged the operation was ordered through the Defense Ministry using state counterintelligence structures and confidential funds. According to his statement, investigators found his phone was taken over more than 8,700 times and that 2.3 GB of data were downloaded, including sensitive corruption complaints, and that the camera/microphone were illicitly activated on numerous occasions. The incident is characterized as a targeted spyware intrusion against a senior government official with alleged state involvement.
Boniface Mwangi (Kenyan activist)
July 1, 2025
•[ spyware, surveillance, data extraction ]
An AFP/Digital Journal report said Kenyan activist Boniface Mwangi feared for his life after learning spyware was installed on his phone while it was in police custody following his July 2025 arrest. The article cited Citizen Lab findings that a surveillance tool linked to Cellebrite technology enabled Kenyan police to access extensive content on the device, including messages, private files, financial information, passwords, and other sensitive data. The report describes state-enabled device compromise/data extraction rather than an enterprise network breach.
Kerala State Film Development Corporation (KSFDC)
May 12, 2025
•[ data leak, insider threat, surveillance ]
Reporting described a major cybersecurity breach in which CCTV footage recorded inside government-owned theatres in Thiruvananthapuram (Kairali, Sree, and Nila) appeared on pornographic websites and then spread via Telegram/X and other channels. The leaked clips visibly displayed the KSFDC logo on seats, strongly indicating the source. Authorities opened a high-level inquiry and a cyber-cell investigation, with officials considering possibilities including insider misuse by staff with access to surveillance systems or an external intrusion into the CCTV network. No specific perpetrator, intrusion method, or exact timeframe for initial compromise was provided, but the incident resulted in non-consensual exposure of surveillance video of patrons.
Serbian Student Activist
February 28, 2025
•[ vulnerability, zero-day, surveillance ]
Amnesty reported Cellebrite zero-day used to unlock Serbian activists Android device.
Teixeira Cândido (Angolan journalist) / Syndicate of Angolan Journalists context
May 3, 2024
•[ spyware, Predator, mobile infection ]
Amnesty Internationals Security Lab reported forensic confirmation that Intellexas Predator spyware successfully infected the iPhone of Angolan journalist and press freedom activist Teixeira Cndido on May 4, 2024 after he opened a malicious link sent via WhatsApp. Amnesty said the attacker could have gained wide access to device data (including messages and files) and that the infection appears to have been removed after the phone was restarted later that day. The investigation described multiple additional infection links sent afterward that did not appear to succeed. Attribution to a specific government customer was not made in the public report.
Loïc Lawson and Anani Sossou
January 16, 2024
•[ spyware, surveillance, Pegasus ]
Reporters Without Borders (RSF) announces to have found traces of spyware resembling NSO groups Pegasus surveillance tool on the phones of two journalists in Togo (Loc Lawson and Anani Sossou).
