惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

D
DataBreaches.Net
Apple Machine Learning Research
Apple Machine Learning Research
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
S
SegmentFault 最新的问题
博客园 - 聂微东
罗磊的独立博客
W
WeLiveSecurity
博客园_首页
Scott Helme
Scott Helme
V
Visual Studio Blog
T
The Exploit Database - CXSecurity.com
G
Google Developers Blog
大猫的无限游戏
大猫的无限游戏
Latest news
Latest news
L
Lohrmann on Cybersecurity
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
A
About on SuperTechFans
F
Full Disclosure
Y
Y Combinator Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
博客园 - 司徒正美
博客园 - Franky
C
CXSECURITY Database RSS Feed - CXSecurity.com
F
Fortinet All Blogs
Blog — PlanetScale
Blog — PlanetScale
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
阮一峰的网络日志
阮一峰的网络日志
S
Schneier on Security
雷峰网
雷峰网
博客园 - 【当耐特】
P
Privacy International News Feed
C
Cyber Attacks, Cyber Crime and Cyber Security
Engineering at Meta
Engineering at Meta
aimingoo的专栏
aimingoo的专栏
MongoDB | Blog
MongoDB | Blog
J
Java Code Geeks
T
Tor Project blog
V
V2EX
爱范儿
爱范儿
C
Check Point Blog
T
Threatpost
Project Zero
Project Zero
量子位
V
Vulnerabilities – Threatpost
Know Your Adversary
Know Your Adversary
I
Intezer
G
GRAHAM CLULEY
P
Privacy & Cybersecurity Law Blog
GbyAI
GbyAI
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com

WIRED

‘Avatar: Aang, The Last Airbender’ Leaked Online. Some Fans Say Paramount Deserves the Fallout NASA Wants to Put Nuclear Reactors on the Moon AI Could Democratize One of Tech's Most Valuable Resources Microsoft Surface PCs Are Getting Big Price Hikes, and the Cheaper Models Are Going Away Why Amazon Is Buying Globalstar—and What It Means for Your iPhone The US Government Will Ask Data Centers How Much Power They Use MAGA Is Starting to Look Beyond Trump Allbirds Is Pivoting to AI Compute. Sure, Why Not Best Smart Smoke Detector (and Why You Still Need a Dumb One) 12 Best Standing Desks of 2026, Tested and Reviewed Best Wi-Fi Routers of 2026 for Working, Gaming, and Streaming Best GoPro Camera (2026): Compact, Budget, Accessories The Caves That Could Help Us Find, or Become, Aliens AI Slop Is Making the Internet Fake-Happy The Deepfake Nudes Crisis in Schools Is Much Worse Than You Thought In the Wake of Anthropic’s Mythos, OpenAI Has a New Cybersecurity Model—and Strategy Telegram Is Still Hosting a Sanctioned $21 Billion Crypto Scammer Black Market The FCC Has a Fast Lane for Complaints About Trump’s Media Critics Top iRestore Deals for Hair Growth and LED Therapy Devices Meta Is Warned That Facial Recognition Glasses Will Arm Sexual Predators You Should Be More Freaked Out by Shingles BYD’s Fastest-Charging Car in the World Is Astonishing—in Good and Bad Ways The 4 Best Water Filter Pitchers (2026): PFAS, Microplastics The Internet's Most Powerful Archiving Tool Is in Peril The Dumbest Hack of the Year Exposed a Very Real Problem AI Agents Are Coming for Your Dating Life ‘The Audacity’ Is the Broligarchy Takedown You Were Waiting For Why Is It So Hard to Fix an Electric Bike? (2026) Best 2-in-1 Laptops (2026): Microsoft, Lenovo, and the iPad There’s a Secret Ingredient to Making Luxury Ice at Home The Screen Time Legends Who Won't Put Down Their Phones Mammotion’s Spino E1 Is Affordable but Doesn’t Quite Deliver You Don’t Have to Drink Lukewarm Coffee Ever Again. Get a Warmer Zuvi ColorBox Review: Please Just Go to a Professional MacBook Neo vs. MacBook Air: Which One Should You Buy? Best Electric Cargo Bikes (2026): Urban Arrow, Lectric, Tern, and More ‘Crimson Desert’ Is a Cat Dad Simulator Your Push Notifications Aren’t Safe From the FBI Flight Path Data Shows How Mosquitoes Target Humans How the Internet Broke Everyone’s Bullshit Detectors The All-Clad Factory Seconds Sale Is Back—for Now (2026) Artemis II Astronauts Safely Return to Earth After Historic Flight Around the Moon Home Depot Spring Black Friday (2026): Best Tool and Grill Deals Motorola’s Souped-Up Folding Phone Is Almost Half Off Anthropic’s Mythos Will Force a Cybersecurity Reckoning—Just Not the One You Think The Future of the Artemis Program Is Riding on Reentry Suspect Arrested for Allegedly Throwing Molotov Cocktail at Sam Altman’s Home "Uncanny Valley": OpenAI and Musk Fight Again; DOJ Mishandles Voter Data; Artemis II Comes Home This Clever Bike Bell Can Even Be Heard by People Wearing Noise-Canceling Headphones This Startup Wants You to Pay Up to Talk With AI Versions of Human Experts I Did Not Catch Air on the Aventon Current Electric Mountain Bike, but I Could Have Best Smart Shades, Blinds, and Curtains (2026): Motorized, Tailor-Made, and More How 'Democracy Now!' Became the Blueprint for Indie Media AI Podcasters Really Want to Tell You How to Keep a Man Happy Irrigreen's New Smart Irrigation System Promises Smart Watering Without the Hassle—Almost No One Knows Where US Vaccine Policy Goes Next I Tried Asus' First Open Earbuds for Gamers Meta’s New AI Asked for My Raw Health Data—and Gave Me Terrible Advice How and When to Watch the Artemis II Mission’s Return to Earth Naturepedic Promo Codes: Get 20% Off Plus Free Pillows Hungryroot Coupon Codes: 30% Off This April Govee Discount Codes and Deals: 30% Off We-Vibe Coupon Offers: Couples’ Toys and Gift Set Discounts Sealy Promo Code: Save $200 on Mattresses This Month OpenAI Backs Bill That Would Limit Liability for AI-Enabled Mass Deaths or Financial Disasters China Is Cracking Down on Scams. Just Not the Ones Hitting Americans The 70-Person AI Image Startup Taking on Silicon Valley's Giants Save $20 on This Already Inexpensive Wireless Mic Set John Deere Is Paying Farmers $99 Million for Allegedly Monopolizing Repair The Iran War Is Tearing MAGA Influencers Apart The FBI Didn’t Answer Texts From Minnesota Investigators for Days After Renee Good’s Killing The Pro-Iran Meme Machine Trolling Trump With AI Lego Cartoons Ridge Wallet Review: A Beacon for the Overencumbered How Meta Cafeteria Workers Took on ICE—and Won Get Peace of Mind With This GPS and Activity Tracker for Pets I Asked Netflix’s Reality TV Boss Why So Many Men On Dating Shows Are Terrible I Tried TCL’s Samsung Frame Competitor and It Didn’t Compare Politicians Are Spending More Money on Security as They Increasingly Become Targets This AI Wearable From Ex-Apple Engineers Looks Like an iPod Shuffle Artemis II Astronauts Witnessed 6 Meteorites Colliding With the Moon Medicube Coupon Code: 40% Off for April 2026 Top Instacart Promo Code: $15 Off for July 2026 Vivid Seats Promo Codes and Deals: Get 10% Off Birdfy Discount Codes: 15% Off Sitewide Google Workspace Promo Codes: 14% Off for June Paramount+ Coupon Codes and Deals for June 2026 NZXT Discount Codes: 50% Off in June 2026 LG Promo Codes and Coupons for June 2026 AT&T Promo Codes: $50 Off This June 2026 TurboTax Full Service Coupons This June Top Peacock Promo Codes: 40% Off June 2026 Therabody Promo Codes: 15% Off June 2026 Surfshark Promo Codes: 87% Off | June 2026 Nomad Goods Promo Codes: Get 25% Off in June 2026 20% Off Sephora Promo Code | June 2026 30% Off Canon Promo Codes | June 2026 Factor Promo Codes for July 2026 Top Dell Coupon Codes: 20% Off for June 2026 Walmart Promo Codes: Up to 65% Off for June 2026 What Is the Best Fitness Tracker in 2026? Garmin, Oura, More
Exposed Data Illustrates the Nightmare Scenario for a Stalkerware Victim
Matt Burgess · 2026-04-30 · via WIRED

Stalkerware allows people to secretly spy on romantic partners, family members or other associates by infecting a target’s phone and then silently amassing their text messages, photos, location information, and other data. The malware is profoundly intrusive in and of itself, but digital rights advocates have long cautioned that on top of violating victims’ personal privacy, it also creates an additional risk that data gathered using spyware could then separately be breached by an additional, unrelated actor, creating a true privacy disaster. New research this week illustrates one such example of a true worst-case scenario.

In findings released on Thursday, a security researcher details the discovery of a cloud repository that was publicly accessible on the open internet with no access controls. It contained nearly 90,000 screenshots showing a European celebrity’s private messages, photos, and phone usage—seemingly compiled using stalkerware.

“All the selfies were one person, all the chats were one person, and it was basically everyone they chatted with divided into Instagram, Facebook, TikTok, and WhatsApp,” Jeremiah Fowler, a researcher with Black Hills Information Security who discovered the exposed data, tells WIRED. “There was a lot of nudity, there were pictures that you wouldn’t want out in the public.”

Among the 86,859 images, Fowlers’ analysis says, were ones capturing the celebrity talking privately with models, influencers, and other high-profile individuals, some of whom have millions of followers on their social media accounts. The screenshots, he says, captured business conversations with invoices and personal payment details, phone numbers, some partial credit card numbers, and huge volumes of sensitive information.

“You capture the initial victim, but you also victimize everyone they communicate with,” he says.

Fowler is not naming the apparent victim or their associates and says he reported the incident to local law enforcement. “Even though this is a very public person, even public people deserve privacy,” Fowler says.

Mistakenly exposed cloud repositories are a long-standing privacy and digital security problem, but these open data troves typically belong to companies that leave access open, exposing corporate secrets or customer information, because of misconfigurations or other oversights. In this case, though, the exposed data appeared to be owned by an individual. Based on the material in the dataset, Fowler attempted to contact the apparent victim, but ultimately notified the cloud service that was hosting the data. The company contacted the owner to have the data secured. Fowler is not publicly naming the host.

The exposed files have all of the characteristics of data collected using spyware—screenshots of particularly sensitive and intimate digital activity taken during a specific time span. And Fowler, who regularly investigates exposed datasets, specifically noticed this trove because the repository was called “Cocospy,” the name of a notorious off-the-shelf spyware tool. Fowler says the exposed data spanned mid-2024 to mid-2025.

Early last year, Cocospy and two other related apps that shared much of the same source code went offline after exposing user information. They became the latest in a long line of stalkerware apps to have suffered security breaches and exposed sensitive information. A flaw in the apps made it possible for anyone to access the huge troves of information that had been gathered from stalkerware victims and simultaneously exposed millions of Cocospy customer email addresses, TechCrunch reported at the time.

“Their malware on Android was full-blown spyware,” says Vangelis Stykas, a security researcher who has analyzed Cocospy and related apps, and is the cofounder and CTO of security firm Kumio AI. “It pretty much uploads everything from your phone to their cloud.”

Cocospy included a “stealth mode” that could take screenshots of what was on a person’s screen every few minutes and upload pictures or the contents of applications from a target device. “Having access to someone’s phone means you have unobstructed access to all of his or her life,” Stykas says.

An archived version of the Cocospy website from 2025, before the service was taken offline, billed the software as “parental control, tracking, and remote surveillance” with the ability to “track locations, messages, calls, and apps.” The site said: “Do it remotely and 100% discreetly.” When WIRED attempted to contact an email address that had been listed on the now defunct website, it returned an error message.

On top of its core surveillance functionality, Cocospy also claimed to allow users to view a target’s contacts, read their WhatsApp chats, get alerts when a target phone moved outside of a certain area marked on a map, and view web browsing history.

“Cocospy is a true spy app, virtually impossible to detect,” its website claimed. “Note that if the person you want to monitor [uses] an Android phone, you will need brief physical access to the target device to get Cocospy set up.” A disclaimer at the bottom of the site noted that it was intended “FOR LEGAL USE ONLY.”

Fowler’s findings on the apparent celebrity exposure comes as digital technology is increasingly being exploited by men to surveil, abuse, and harass women—including in public spaces. Abusers “will use any technology they can get their hands on that allows them to monitor, surveil, control what their partner is doing, saying who they’re seeing, what they're looking up online,” says Katy Brookfield, an associate criminology professor at the University of Nottingham who researches technology-facilitated abuse. “We know they’re accessing this data. We know they’re sometimes storing this data.”

Personal information exposed in leaks or data breaches can lead to harassment, identity theft, or other targeting by cybercriminals. And if someone’s personal data leaks because the individual is already being harassed and targeted by technology abuse, the risks of having that data posted online can be even more devastating than it already would be. As WIRED reported at the start of April, some communities of men online are doxing women they know, sharing their private images, and buying hacking services to use against partners and friends.

“They will sometimes put women’s contact details online with the intention that other men will cause harm to them,” Brookfield says.