惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Martin Fowler
Martin Fowler
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 聂微东
IT之家
IT之家
GbyAI
GbyAI
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Y
Y Combinator Blog
博客园 - 【当耐特】
The Cloudflare Blog
宝玉的分享
宝玉的分享
罗磊的独立博客
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
V
Visual Studio Blog
小众软件
小众软件
博客园_首页
Last Week in AI
Last Week in AI
J
Java Code Geeks
V
V2EX
雷峰网
雷峰网
Apple Machine Learning Research
Apple Machine Learning Research
阮一峰的网络日志
阮一峰的网络日志
腾讯CDC
博客园 - 司徒正美
Engineering at Meta
Engineering at Meta
The GitHub Blog
The GitHub Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
D
DataBreaches.Net
博客园 - 三生石上(FineUI控件)
MyScale Blog
MyScale Blog
云风的 BLOG
云风的 BLOG
The Register - Security
The Register - Security
M
MIT News - Artificial intelligence
Microsoft Azure Blog
Microsoft Azure Blog
T
The Blog of Author Tim Ferriss
N
Netflix TechBlog - Medium
F
Full Disclosure
B
Blog
H
Help Net Security
C
Check Point Blog
WordPress大学
WordPress大学
人人都是产品经理
人人都是产品经理
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Jina AI
Jina AI
酷 壳 – CoolShell
酷 壳 – CoolShell
Blog — PlanetScale
Blog — PlanetScale
L
LangChain Blog
P
Proofpoint News Feed
D
Docker
Microsoft Security Blog
Microsoft Security Blog

Security Latest

British Police Built a Sprawling Crime-Prediction Machine. Some Results Couldn’t Be Trusted Dialog Claims It Was Hacked. A Misconfigured Website Left Its Members Exposed OpenAI Launches Full-Scale Effort to Patch Open-Source Bugs as It Takes on Anthropic’s Mythos World Cup Scams Are Getting Harder to Spot A Critical Deadline Is Approaching for Windows and Linux Security Hackers Claim to Leak Stolen Madison Square Garden Data How the Peter Thiel-Linked Dialog Club Secretly Ranks Its Members How to Watch the Knicks Parade on NYC Traffic Surveillance Cameras The UK Will Scan Asylum-Seekers’ Faces for Age Checks—Despite Knowing the Tech Is Flawed Leak Exposes Members of Peter Thiel’s Secretive ‘Dialog’ Society ‘Dangerous’ AI Models Are Coming No Matter What Meta Tapped a Pentagon Supplier to Prototype Face Recognition for Its Glasses The FCC Wants to Kill Burner Phones Grok Is Still Hosting Sexualized Deepfakes of Famous Women Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats Trump Risks Key Surveillance Authority Over ‘Unqualified’ Spy-Chief Pick Wrongful Arrest Exposes Failures in One of the Oldest Police Face-Recognition Tools in the US Soccer Fans, You’re Being Watched Mapping Every Flock License Plate Reader Near US World Cup Stadiums Amnesty International Warns That World Cup Fans Face Potential Human Rights Violations Anthropic Offers Mythos Upgrade for Cyber Partners and a ‘Safe’ Version for the Rest of You Meta Deletes Face-Recognition System From Its Smart Glasses App After WIRED Report All the Ways Europe Is Ditching American Technology Crypto-Funded Chinese Peptide Labs Are Booming Meta Silently Added Face-Recognition Code for Its Smart Glasses to Millions of Phones xAI Asks Court to Strip Alleged Grok Deepfake Nudes Victims of Anonymity Android Is Fighting Phone Scams With a New Feature to Prove Who’s Calling The Manhattan Institute Helped Kill DEI. Now It’s Coming for Protests The Romance Scammer Who Made a Small Fortune Posing as a WWE Superstar Websites Can Now Spy on You Through Your Hard Drive Cybercrime Crew Claims It Hacked Mike Lindell’s MyPillow The White House’s Aliens.gov Site Brags That ICE Arrested More Than 700 US Citizens The Pentagon Knew Enemies Could Track Troops’ Phones for Years. Now They Are Scammers Are Using Your Real Hotel Reservations to Trick You With Spear-Phishing Attacks Internet Starts to Return in Iran After 3-Month Blackout US Law Enforcement Warns of ‘Anti-Tech Extremism’ as AI Hatred Grows The AI Era Is Creating a Bug-Hunting Arms Race The FBI Wants ‘Near Real-Time’ Access to US License Plate Readers ‘Creepy’ Listening Tool for Targeted Ads Didn’t Actually Work, FTC Says A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale The EU Is Going Through a Trump-Fueled Breakup With Big Tech A Bipartisan Amendment Would End Police License Plate Tracking Nationwide Madison Square Garden Bans Lawyer Representing New York Cop Injured at a Boxing Match Data Brokers’ and AI Firms’ Opt-Out Forms Are Built to Fail, Report Finds You Can Get Some of Your Nudes Removed From the Internet Under a New Law An ICE Firearms Trainer Was Involved in At Least 4 Deadly Shootings Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording Your iPhone Gets Stolen. Then the Hacking Begins DHS Plans Experiment Running ‘Reconnaissance’ Drones Along the US-Canada Border WhatsApp Adds Meta AI Chats That Are Built to Be Fully Private Foxconn Ransomware Attack Shows Nothing Is Safe Forever Iran Is Using Tiny ‘Mosquito’ Boats to Shut Down the Strait of Hormuz Hackable Robot Lawn Mower Unlocks a New Nightmare You Can Disable Gemini in Chrome if It’s Freaking You Out Cybercriminals Are Complaining About AI Slop Flooding Their Forums DHS Demanded Google Surrender Data on Canadian’s Activity, Location Over Anti-ICE Posts Disneyland Now Uses Face Recognition on Visitors OpenAI Rolls Out ‘Advanced’ Security Mode for At-Risk Accounts The Race Is on to Keep AI Agents From Running Wild With Your Credit Cards California Engineer Identified in Suspected Shooting at White House Correspondents Dinner Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—and Predates Stuxnet AI Tools Are Helping Mediocre North Korean Hackers Steal Millions Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox Meta Is Sued Over Scam Ads on Facebook and Instagram They Built a Legendary Privacy Tool. Now They’re Sworn Enemies The Weird, Twisting Tale of How China Spied on Alysa Liu and Her Dad It Takes 2 Minutes to Hack the EU’s New Age-Verification App Republican Mutiny Sinks Trump's Push to Extend Warrantless Surveillance The Shocking Secrets of Madison Square Garden’s Surveillance Machine Europe’s Online Age Verification App Is Here The Deepfake Nudes Crisis in Schools Is Much Worse Than You Thought In the Wake of Anthropic’s Mythos, OpenAI Has a New Cybersecurity Model—and Strategy Telegram Is Still Hosting a Sanctioned $21 Billion Crypto Scammer Black Market The FCC Has a Fast Lane for Complaints About Trump’s Media Critics Meta Is Warned That Facial Recognition Glasses Will Arm Sexual Predators The Dumbest Hack of the Year Exposed a Very Real Problem Your Push Notifications Aren’t Safe From the FBI How the Internet Broke Everyone’s Bullshit Detectors Anthropic’s Mythos Will Force a Cybersecurity Reckoning—Just Not the One You Think Politicians Are Spending More Money on Security as They Increasingly Become Targets ‘We Were Not Ready for This’: Lebanon's Emergency System Is Hanging by a Thread Men Are Buying Hacking Tools to Use Against Their Wives and Friends Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure Anthropic Teams Up With Its Rivals to Keep AI From Hacking Everything Border Patrol Agents Sold Challenge Coins With ‘Charlotte’s Web’ Characters in Riot Gear Hackers Are Posting the Claude Code Leak With Bonus Malware Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards ‘Uncanny Valley’: Iran’s Threats on US Tech, Trump’s Plans for Midterms, and Polymarket’s Pop-up Flop What Happens When a Nuclear Site Is Hit? Unmasking the Paramilitary Agents Behind Trump’s Violent Immigration Crackdown Apple Will Push Out Rare ‘Backported’ Patches to Protect iOS 18 Users From DarkSword Hacking Tool Iran Threatens to Start Attacking Major US Tech Firms on April 1 The US Military’s GPS Software Is an $8 Billion Mess The Broken System That Keeps Shipping Crews Stranded in the Strait of Hormuz Iranian Hackers Breached Kash Patel’s Email—but Not the FBI’s How Trump’s Plot to Grab Iran's Nuclear Fuel Would Actually Work
Exposed Data Illustrates the Nightmare Scenario for a Stalkerware Victim
Matt Burgess · 2026-04-30 · via Security Latest

Stalkerware allows people to secretly spy on romantic partners, family members or other associates by infecting a target’s phone and then silently amassing their text messages, photos, location information, and other data. The malware is profoundly intrusive in and of itself, but digital rights advocates have long cautioned that on top of violating victims’ personal privacy, it also creates an additional risk that data gathered using spyware could then separately be breached by an additional, unrelated actor, creating a true privacy disaster. New research this week illustrates one such example of a true worst-case scenario.

In findings released on Thursday, a security researcher details the discovery of a cloud repository that was publicly accessible on the open internet with no access controls. It contained nearly 90,000 screenshots showing a European celebrity’s private messages, photos, and phone usage—seemingly compiled using stalkerware.

“All the selfies were one person, all the chats were one person, and it was basically everyone they chatted with divided into Instagram, Facebook, TikTok, and WhatsApp,” Jeremiah Fowler, a researcher with Black Hills Information Security who discovered the exposed data, tells WIRED. “There was a lot of nudity, there were pictures that you wouldn’t want out in the public.”

Among the 86,859 images, Fowlers’ analysis says, were ones capturing the celebrity talking privately with models, influencers, and other high-profile individuals, some of whom have millions of followers on their social media accounts. The screenshots, he says, captured business conversations with invoices and personal payment details, phone numbers, some partial credit card numbers, and huge volumes of sensitive information.

“You capture the initial victim, but you also victimize everyone they communicate with,” he says.

Fowler is not naming the apparent victim or their associates and says he reported the incident to local law enforcement. “Even though this is a very public person, even public people deserve privacy,” Fowler says.

Mistakenly exposed cloud repositories are a long-standing privacy and digital security problem, but these open data troves typically belong to companies that leave access open, exposing corporate secrets or customer information, because of misconfigurations or other oversights. In this case, though, the exposed data appeared to be owned by an individual. Based on the material in the dataset, Fowler attempted to contact the apparent victim, but ultimately notified the cloud service that was hosting the data. The company contacted the owner to have the data secured. Fowler is not publicly naming the host.

The exposed files have all of the characteristics of data collected using spyware—screenshots of particularly sensitive and intimate digital activity taken during a specific time span. And Fowler, who regularly investigates exposed datasets, specifically noticed this trove because the repository was called “Cocospy,” the name of a notorious off-the-shelf spyware tool. Fowler says the exposed data spanned mid-2024 to mid-2025.

Early last year, Cocospy and two other related apps that shared much of the same source code went offline after exposing user information. They became the latest in a long line of stalkerware apps to have suffered security breaches and exposed sensitive information. A flaw in the apps made it possible for anyone to access the huge troves of information that had been gathered from stalkerware victims and simultaneously exposed millions of Cocospy customer email addresses, TechCrunch reported at the time.

“Their malware on Android was full-blown spyware,” says Vangelis Stykas, a security researcher who has analyzed Cocospy and related apps, and is the cofounder and CTO of security firm Kumio AI. “It pretty much uploads everything from your phone to their cloud.”

Cocospy included a “stealth mode” that could take screenshots of what was on a person’s screen every few minutes and upload pictures or the contents of applications from a target device. “Having access to someone’s phone means you have unobstructed access to all of his or her life,” Stykas says.

An archived version of the Cocospy website from 2025, before the service was taken offline, billed the software as “parental control, tracking, and remote surveillance” with the ability to “track locations, messages, calls, and apps.” The site said: “Do it remotely and 100% discreetly.” When WIRED attempted to contact an email address that had been listed on the now defunct website, it returned an error message.

On top of its core surveillance functionality, Cocospy also claimed to allow users to view a target’s contacts, read their WhatsApp chats, get alerts when a target phone moved outside of a certain area marked on a map, and view web browsing history.

“Cocospy is a true spy app, virtually impossible to detect,” its website claimed. “Note that if the person you want to monitor [uses] an Android phone, you will need brief physical access to the target device to get Cocospy set up.” A disclaimer at the bottom of the site noted that it was intended “FOR LEGAL USE ONLY.”

Fowler’s findings on the apparent celebrity exposure comes as digital technology is increasingly being exploited by men to surveil, abuse, and harass women—including in public spaces. Abusers “will use any technology they can get their hands on that allows them to monitor, surveil, control what their partner is doing, saying who they’re seeing, what they're looking up online,” says Katy Brookfield, an associate criminology professor at the University of Nottingham who researches technology-facilitated abuse. “We know they’re accessing this data. We know they’re sometimes storing this data.”

Personal information exposed in leaks or data breaches can lead to harassment, identity theft, or other targeting by cybercriminals. And if someone’s personal data leaks because the individual is already being harassed and targeted by technology abuse, the risks of having that data posted online can be even more devastating than it already would be. As WIRED reported at the start of April, some communities of men online are doxing women they know, sharing their private images, and buying hacking services to use against partners and friends.

“They will sometimes put women’s contact details online with the intention that other men will cause harm to them,” Brookfield says.