Newsletters
Israeli spyware company Paragon Solutions accidentally exposed its secretive Graphite surveillance dashboard in a LinkedIn post, revealing operational details of a tool used to infiltrate encrypted communications on devices worldwide.
Cybersecurity researcher Jurre van Bergen spotted the image posted by Paragon's general counsel on Feb. 11, 2026.
The screenshot displayed a Czech phone number labeled "Valentina," active interception logs dated Feb. 10, 2026, and interfaces for monitoring encrypted applications like WhatsApp through zero-click exploits.
John Scott-Railton, a senior researcher at the University of Toronto's Citizen Lab, described the disclosure as an "epic OPSEC fail," highlighting how the operational security lapse compromised industry secrecy standards.
The post was quickly deleted but spread rapidly across social media, intensifying scrutiny of Paragon's surveillance operations.
Paragon calls operations security (OPSEC) failure a small price to pay for "female empowerment."
The company said in response to the Israeli media outlet Channel 12's request regarding the incident that "it is indeed unpleasant but also not terrible, because the content of the specific slide does not have new information regarding the company.
At the same time, this is a small image price to pay in relation to the contribution of female empowerment and the visit of the class of gifted students in the company."
Founded in Israel in 2019, Paragon markets Graphite as sophisticated surveillance software capable of remotely accessing mobile phones without requiring any action from the target, a capability known as "zero-click" exploitation.
The spyware can extract messages from encrypted applications like WhatsApp and Signal, access stored data, and monitor live communications, according to technical analyses by Citizen Lab researchers.
Once installed, the software operates at the device level, granting operators access to stored data, microphone and camera activation, and messages accessed before encryption or after decryption.
Citizen Lab confirmed in June 2025 that two journalists were targeted using Graphite with high confidence. Apple later patched the underlying vulnerability in iOS 18.3.1 and assigned it CVE-2025-43200.
WhatsApp accused Paragon in early 2025 of targeting 90 journalists and civil society figures through zero-click vulnerabilities.
Among the identified targets was Francesco Cancellato, editor-in-chief of the Italian investigative website Fanpage. It is known for critical coverage of Prime Minister Giorgia Meloni's party.
"Commercial spyware makers will inevitably face abuse of their products once they start selling to a broader customer base," Scott-Railton told media outlets.
"It's not just dictatorships that abuse spyware—it happens in democracies too," he noted.
WhatsApp sent Paragon a cease-and-desist letter ordering the company to stop using the messaging platform to infiltrate devices.
Paragon announced it severed its contract with the Italian government following the targeting scandal.
Citizen Lab analysis identified Paragon's clients as including governments in Australia, Canada, Greek Cyprus, Denmark, Israel and Singapore.
In January 2025, the Trump administration publicly confirmed that the U.S. government purchased Graphite to support Immigration and Customs Enforcement operations. The contract reportedly faced White House review, with at least 36 civil society organizations calling for transparency.
Public procurement records show U.S. immigration enforcement agencies have engaged with Paragon's technology, including contracts with the Department of Homeland Security and ICE.
Civil rights groups documented Graphite deployments in Canada, including Ontario, raising human rights concerns over the surveillance of activists.
U.S. private equity firm AE Industrial Partners acquired Paragon for $500 million in cash, with the deal potentially reaching $900 million if performance targets are met.
Former Israeli Prime Minister Ehud Barak, a company co-founder and board member, reportedly received $10-15 million from the transaction.
Paragon's founding team includes former Unit 8200 commander Ehud Schneorson alongside other intelligence veterans.
The company's U.S. subsidiary leadership includes a CIA veteran and former defense contractor executives.
Three days after the acquisition was announced, Israel's Ministry of Defense said a request to approve the sale had never been submitted as required by the Defense Export Controls Agency.
Paragon operates within a broader Israeli surveillance technology ecosystem that has faced repeated controversy.
NSO Group's Pegasus spyware was found by a California court in 2019 to have been sold to governments for hacking WhatsApp accounts. The company was ordered to pay $167 million in damages to Meta and was blacklisted by the Biden administration in 2021.
Other blacklisted Israeli firms include Candiru, Cytrox and Intellexa, all founded by Unit 8200, a signals intelligence (SIGINT) unit in the Israeli army, veterans.
Israeli firm Cellebrite, which extracts data from seized devices, holds contracts worth tens of millions of dollars with U.S. agencies, including ICE, Customs and Border Protection, the FBI, and numerous police departments.
The company also has contracts with UK police forces and Australian government agencies.
Cobwebs Technologies, another Israeli firm founded by Unit 8200 officers, has a $5.3 million contract with the Texas Department of Public Safety and a $3.2 million contract with the Department of Homeland Security.
Cognyte, spun out of Israeli firm Verint, has signed deals worth nearly $60 million with Western law enforcement and military agencies in the past 18 months, including a $20 million contract with a European national security agency.
Digital rights advocates argue that the commercial spyware industry poses fundamental threats to privacy and civil liberties.
"For some time, Paragon has had the reputation of a 'better' spyware company not implicated in obvious abuses, but WhatsApp's recent revelations suggest otherwise," said Natalia Krapiva, senior tech legal counsel at Access Now.
"This is not just a question of some bad apples—these types of abuses are a feature of the commercial spyware industry," she noted.
Paragon claims to sell its products only to "vetted governments" operating within legal frameworks, positioning itself as an ethical alternative to competitors. However, the WhatsApp accusations and LinkedIn exposure have undermined that narrative.
Researchers note that even democratic governments can misuse powerful surveillance tools when operations are conducted in secret, as evidenced by the Israeli police's domestic use of Pegasus spyware.
Set as preferred source
Set as preferred source
1 min read
1 min read
