I still can't find anything on NL using Pegasus, but I did find this:
https://www.theregister.com/2022/06/24/nso_customers_eu_pegasus/
One has to wonder how many nation states use Pegasus. The U.S. denies using Pegasus, and if they are not specifically using Pegasus, they made their own version. How else did the U.S. guv hack Angela Merkel's phone?
One thing to note is Pegasus was first designed to crack iPhones remotely as that is what most security conscious reporters and guv agents have used. Pegasus has of course moved on to Android. Now, how well GOS protects from Pegasus is unknown but with sandboxed apps and a hardened malloc, GOS would no doubt be better than stock Android if and until GOS itself is targeted.
Also, these Pegasus type attacks only work (for now) over a SIM card. If your are truly high threat model, use a GOS phone that has never had SIM in it and communicate over WiFi only. Ideally never using your home WiFi while using various restaurants, bars, fast food places, coffee shops, etc. MAC randomization is a great help with not tracking you on WiFi, while IMSI and IMEI will toast you with a SIM.