Pegasus Spyware Compromises MEP Kouloglou

New information from Citizen Lab confirms that Stelios Kouloglou, a former Member of the European Parliament (MEP), had his iPhone repeatedly infected with NSO Group's Pegasus spyware. The compromise occurred on or around October 21, 2022, and again on March 6 and 7, 2023. These attacks targeted Kouloglou while he served on the PEGA Committee, which investigated the misuse of commercial surveillance tools within the European Union.

Citizen Lab's forensic analysis showed an Apple HomeKit zero-click exploit, codenamed PWNYOURHOME, initially delivered Pegasus. This vulnerability, later addressed by Apple in iOS 16.3.1, allowed attackers to access Kouloglou's device without any user interaction. Attackers could have accessed confidential documents and internal discussions related to the spyware committee on which Kouloglou sat.

This incident shows the continued threat sophisticated surveillance technology poses to high-profile individuals, including those working to expose its abuse. The findings also suggest a connection with previous Pegasus campaigns that targeted Russian and Belarusian-speaking journalists and activists in Europe, indicating a common operator with wide targeting capabilities across several European jurisdictions. The repeated attacks and their timing, which align with Kouloglou's committee work, show a deliberate effort to surveil a key figure in European oversight.

How MEP Stelios Kouloglou was compromised by Pegasus

Stelios Kouloglou's iPhone was compromised with Pegasus spyware using a zero-click exploit in Apple's HomeKit software, PWNYOURHOME. Citizen Lab's forensic analysis, conducted in May 2026, pinpointed the initial infection to October 21, 2022, with subsequent compromises on March 6 and 7, 2023. At the time of these attacks, Kouloglou's device operated on iOS 15.5.

The PWNYOURHOME exploit installed Pegasus without any interaction from the target, bypassing security measures. Citizen Lab observed a lookup for the HomeKit email address rauharepo888[@]gmail.com immediately before the Pegasus process used mobile data on October 21, 2022. This email address has been linked to previous Pegasus infections targeting Russian and Belarusian-speaking exiled journalists and activists, suggesting a consistent operator behind multiple campaigns.

The timing of these infections is important. The first attack in October 2022 occurred while Kouloglou was in the hospital for elective surgery and had been visited by Greek investigative journalist Thanasis Koukakis. Koukakis had previously testified before the PEGA Committee after being targeted with Intellexa's Predator spyware. The subsequent infections in March 2023 coincided with intense discussions during the final drafting process of the PEGA Committee's report, just two months before its adoption.

Kouloglou received Apple threat notifications about mercenary spyware targeting on March 2, 2023, August 29, 2023, and April 10, 2024. These notifications align with the detected infection periods and demonstrate the persistent targeting of his device. While Citizen Lab has not attributed the attacks to a specific government, the shared infrastructure indicators suggest a Pegasus customer with licenses enabling surveillance in multiple EU countries.

The Avalon malware framework and its capabilities

The Avalon malware framework is a new, modular threat identified by Blackpoint Cyber researchers. It distributes the CrownX ransomware. This framework uses a multi-stage phishing chain designed to evade security controls. The chain begins with emails posing as legal-document notices that direct recipients to password-protected archives hosted on Proton Drive.

Malicious content is embedded within an ISO image instead of being attached directly. This technique reduces the chance of detection at the email gateway. If a recipient interacts with a document-themed Windows Shortcut (e.g., "Secure Document CA-283505.pdf.lnk") inside the mounted image, it starts a staged malware sequence. This sequence concludes with Avalon's deployment by executing an MSBuild project, which then loads an embedded .NET assembly. This assembly interferes with Event Tracing for Windows (ETW) to minimize forensic visibility before downloading the Avalon payload over HTTPS.

Avalon integrates many functions, including:

  • Credential Harvesting: Collects credentials, cookies, history, and bookmarks from Chromium-based browsers and Mozilla Firefox. It also targets data from cryptocurrency wallet applications such as MetaMask, Phantom, Coinbase Wallet, Exodus, Electrum, Atomic Wallet, Ledger Live, and Bitcoin Core, along with data from Discord, Slack, Teams, OpenVPN, WireGuard, and Windows Credential Manager.
  • Reconnaissance and Lateral Movement: Gathers details on SSH known hosts, saved RDP connections, Wi-Fi profiles, and Group Policy Preferences cpassword artifacts to prioritize systems for expanding compromise.
  • Defense Evasion: Features an extensive evasion system designed to hide execution from security tools including Microsoft Defender, SentinelOne, CrowdStrike, Sophos, Elastic Endpoint, FortiEDR, ESET, McAfee, and Bitdefender.
  • Data Exfiltration and Command & Control (C2): Exfiltrates collected data to a remote server, helloxcherry[.]com, and polls it for tasking commands.
  • Ransomware Execution: The CrownX component encrypts files associated with business operations, software development, engineering, data storage, and virtual infrastructure using the Windows Cryptography API. It delivers a ransom note with payment instructions and deadline timers.
  • Recovery Disruption and Anti-Forensics: Terminates the Volume Shadow Copy Service and deletes shadow copies to prevent system recovery. An anti-forensic cleanup system removes traces of artifacts to complicate incident response efforts.
  • System Damage: Directly interacts with disk structures, potentially to damage partition information, boot records, or other critical areas, rendering systems unusable.

Blackpoint Cyber notes that Avalon shows signs of AI-assisted development, combining multiple components without necessarily demonstrating sophisticated tradecraft or operational security. This suggests that AI tools are lowering the barrier to entry for complex malware development, allowing actors with limited expertise to produce multi-functional tools.

Unpatched vulnerabilities in the FatFs filesystem library

runZero has disclosed seven vulnerabilities in FatFs, a widely used, compact filesystem library that enables devices to read and write FAT and exFAT formats found on USB drives and SD cards. These flaws affect millions of embedded devices globally, including security cameras, drones, industrial controllers, and hardware crypto wallets. All seven bugs allow an attacker to trigger memory corruption or device crashes by presenting deliberately malformed storage volumes or firmware images, exploiting how FatFs handles bad data.

The most critical vulnerability is CVE-2026-6682 (CVSS 7.6, High), an integer overflow in the FAT32 volume mounting code. This flaw can lead to an incorrect calculation of file sizes, which subsequent code then misinterprets as a legitimate read length, resulting in memory corruption and potential code execution. This particular bug is also reachable through certain firmware updates, not just physical media.

The identified vulnerabilities include:

  • CVE-2026-6682 (CVSS 7.6, High): A FAT32 mount integer overflow that can lead to memory corruption and remote code execution.
  • CVE-2026-6687 (CVSS 7.6, High): An exFAT volume-label field overflow that provides a memory-corruption foothold.
  • CVE-2026-6688 (CVSS 7.6, High): Long filenames can overflow wrapper code implemented by projects integrating FatFs, such as a strcpy of fno.fname into a fixed buffer. This issue is difficult to fix within FatFs alone.
  • CVE-2026-6685 (CVSS 6.1, Medium): A mathematical wrap-around in cache handling for fragmented volumes, which can silently corrupt data.
  • CVE-2026-6683 (CVSS 4.6, Medium): An exFAT divide-by-zero error that causes device crashes and can potentially brick hardware during an update process. This is also reachable through some firmware updates.
  • CVE-2026-6686 (CVSS 4.6, Medium): A file extended beyond its end, leading to leakage of leftover data from previously deleted files.
  • CVE-2026-6684 (CVSS 4.6, Medium): A malformed GPT partition table that can hang the device during the mount process. This is the only one of the seven vulnerabilities that has been fixed upstream in FatFs R0.16.
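The CVE-2026-6688 entry above describes the bug as living in integrating code, not in FatFs itself: a `strcpy` of `fno.fname` into a buffer sized for an 8.3 name. The following added example (written for this page, not code from runZero or the FatFs project) shows that vulnerable wrapper next to a bounded version that rejects names which do not fit; the `filinfo_t` struct and the 255-character `LFN_BUF` are constructed stand-ins for the real FatFs `FILINFO` and `FF_LFN_BUF`.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for FatFs's FILINFO (constructed for this example, not the real
 * header). With long-file-name support enabled, FatFs fills fname[] from the
 * directory entry with up to FF_LFN_BUF characters; 255 is assumed here. */
#define LFN_BUF 255
typedef struct {
    char fname[LFN_BUF + 1];
} filinfo_t;

/* Integrating code often still sizes its buffers for 8.3 names (12 + NUL). */
#define WRAPPER_NAME_MAX 13

/* Vulnerable pattern from the advisory: strcpy trusts the length of a name
 * that came from the volume, so a crafted directory entry overflows dst.
 * Kept for contrast only; nothing in this file calls it. */
void copy_name_unchecked(const filinfo_t *fno, char dst[WRAPPER_NAME_MAX]) {
    strcpy(dst, fno->fname);            /* BUG: no bound on fno->fname */
}

/* Hardened wrapper: bound the scan to fname[] itself, then refuse anything
 * that does not fit. Rejecting beats silent truncation, which could make two
 * distinct on-disk names resolve to the same wrapper path. */
bool copy_name_checked(const filinfo_t *fno, char *dst, size_t dst_len) {
    const char *nul = memchr(fno->fname, '\0', sizeof fno->fname);
    if (nul == NULL)                    /* not NUL-terminated: corrupt entry */
        return false;
    size_t n = (size_t)(nul - fno->fname);
    if (n == 0 || n + 1 > dst_len)      /* empty, or would overflow dst */
        return false;
    memcpy(dst, fno->fname, n + 1);
    return true;
}

/* Simulate the name a malformed volume would hand to the wrapper and report
 * whether the hardened copy accepts it. */
bool wrapper_accepts_name(const char *name_from_volume) {
    filinfo_t fno;
    char dst[WRAPPER_NAME_MAX];
    memset(&fno, 0, sizeof fno);
    strncpy(fno.fname, name_from_volume, sizeof fno.fname - 1);
    return copy_name_checked(&fno, dst, sizeof dst);
}

int main(void) {
    printf("8.3 name accepted: %d\n", wrapper_accepts_name("README.TXT"));
    printf("long name rejected: %d\n",
           !wrapper_accepts_name("quarterly-report-final-v2-signed.pdf"));
    return 0;
}
```

The same bounded-copy check belongs wherever FatFs output (`fname`, `altname`, volume labels) crosses into code that allocates its own fixed buffers.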

runZero attempted to contact the sole developer of FatFs and involved JPCERT/CC for coordination, but received no response regarding patches for the most critical memory corruption flaws. This poses a significant supply chain security risk, as many platforms and vendors bundle FatFs, including Espressif ESP-IDF, STMicroelectronics STM32Cube, Zephyr, MicroPython, ArduPilot, RT-Thread, Mbed, Samsung TizenRT, and the SWUpdate updater. These platforms span consumer IoT, industrial equipment, drones, and cryptocurrency wallets.

While no attacks exploiting these specific bugs have been reported, runZero has publicly released proof-of-concept disk images, a test harness, and a working QEMU-based exploit example. The discovery process itself showed the increasing role of AI in vulnerability research, as runZero used an off-the-shelf AI setup (Visual Studio Code, GitHub Copilot) to build a fuzzer that uncovered these bugs, which manual audits had previously missed. This incident is similar to recent AI-driven discoveries in SQLite and FFmpeg, indicating that accessible AI tools can now uncover complex vulnerabilities.

The Bad Epoll Linux kernel flaw

The Bad Epoll Linux kernel flaw, tracked as CVE-2026-46242, is a local privilege escalation bug. It allows an unprivileged user to gain root control over a machine. This use-after-free vulnerability affects Linux desktops, servers, and Android devices running kernels 6.4 or newer, unless already patched. The flaw resides in the epoll subsystem, a standard Linux feature that programs use to monitor multiple files or network connections simultaneously, so disabling the subsystem is not a workable mitigation without significant system impact.

Researcher Jaeyoung Chung discovered Bad Epoll and developed a working exploit, submitted to Google's kernelCTF program. The bug arises from a brief timing collision where two kernel processes attempt to clean up the same internal epoll object concurrently. One process frees the memory while another is still writing to it, allowing an attacker to corrupt kernel memory and escalate privileges to root. Chung's exploit reliably achieves root access on tested systems, overcoming the challenge of a narrow six-instruction timing window by widening it and retrying without crashing.

Bad Epoll can be triggered from within Chrome's renderer sandbox, a security boundary that typically isolates browser processes from the underlying kernel. This capability makes it dangerous because it bypasses a widely deployed defense mechanism. While an Android version of the exploit is still under development, its potential impact on many mobile devices is significant.

The vulnerability stems from a 2023 change to the epoll code, the same section where Anthropic's Mythos AI model previously identified a different race condition bug, CVE-2026-43074. This earlier flaw was patched in 2026. However, Mythos missed Bad Epoll, likely due to the extremely narrow timing window and because the memory error often does not trip KASAN, the kernel's primary bug detector, once the first bug is resolved. This shows the challenges in detecting complex race conditions, even for advanced AI.

A fix for Bad Epoll is available through upstream commit a6dc643c69311677c574a0f17a3f4d66a5f3744b. Users of affected Linux distributions and Android devices should apply patches from their vendors as soon as they become available. This flaw joins other Linux kernel privilege escalation vulnerabilities, including Copy Fail (CVE-2026-31431), Dirty Frag, Fragnesia, DirtyClone, and pedit COW, though Bad Epoll is a more challenging "race-to-win" type of exploit, similar to Dirty Cow.

Technical Takeaways

  • The Pegasus spyware, developed by NSO Group, exploited an Apple HomeKit zero-click flaw (PWNYOURHOME, patched in iOS 16.3.1) to compromise a European Parliament Member.
  • The Avalon modular malware framework, featuring CrownX ransomware, uses multi-stage phishing, ISO images, and MSBuild to bypass security products including Microsoft Defender, SentinelOne, and CrowdStrike.
  • runZero identified seven unpatched vulnerabilities in the widely embedded FatFs filesystem library. One of these, CVE-2026-6682 (CVSS 7.6), enables memory corruption and code execution on millions of devices. A public proof-of-concept is available.
  • The Bad Epoll Linux kernel flaw (CVE-2026-46242) is a local privilege escalation (use-after-free) affecting Linux and Android. It can grant root access and bypass the Chrome renderer sandbox. A fix is available in kernel commit a6dc643c6931.
  • An AI-built fuzzer discovered the FatFs vulnerabilities, but the Mythos AI missed the Bad Epoll flaw. This shows both the capabilities and limitations of AI in vulnerability research, especially with complex race conditions.