Private Chats, Photos of Celebs Exposed in Suspected Stalkerware Leak

Private chats and photos of celebrities and influencers were exposed after a suspected stalkerware setup left a database open, revealing sensitive messages and files...

A week in security (January 5 – January 11)

Last week on Malwarebytes Labs: pcTattletale founder pleads guilty as US cracks down on stalkerware Are we ready for ChatGPT Health? CISA warns of active attacks on HPE OneView and legacy PowerPoint Lego’s Smart Bricks explained: what they do, and what they don’t Fake WinRAR downloads hide malwar...

pcTattletale founder pleads guilty as US cracks down on stalkerware

Reportedly, pcTattletale founder Bryan Fleming has pleaded guilty in US federal court to computer hacking, unlawfully selling and advertising spyware, and conspiracy. This is good news not just because we despise stalkerware like pcTattletale, but because it is only the second US federal...

pcTattletale Founder Bryan Fleming Pleads Guilty in Federal Stalkerware Case

Bryan Fleming, founder of pcTattletale, pleads guilty in a landmark federal spying case. Read how an undercover HSI sting and a data breach ended a decade of illegal stalkerware sales...

A week in security (November 3 – November 9)

Last week on Malwarebytes Labs: Malwarebytes scores 100% in AV-Comparatives Stalkerware Test 2025 Fake CAPTCHA sites now have tutorial videos to help victims install malware Hackers commit highway robbery, stealing cargo and goods Android malware steals your card details and PIN to make instant A...

Malwarebytes scores 100% in AV-Comparatives Stalkerware Test 2025

The AV-Comparatives Stalkerware Test 2025 delivers a sobering look at the evolving threat posed by stalkerware on mobile devices. Despite measures from both the tech industry and platform providers, stalkerware-type apps, which are apps that can be installed covertly to spy on a victim’s private...

EUVD-2025-18859

Malicious code in bioql PyPI...

More vulnerable stalkerware victims’ data exposed in new TheTruthSpy flaw

TheTruthSpy is at it again. A security researcher has discovered a flaw in the Android-based stalkerware that allows anyone to compromise any record in the system. TheTruthSpy stalkerware is designed to be installed surreptitiously on a victim's Android phone. It then monitors that phone's...

Linux Distros Unpatched Vulnerability : CVE-2025-52926

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user interface. CVE-2025-52926 Note that Nessus relies...

Thwart Me If You Can: an Empirical Analysis of Android Platform Armoring against Stalkerware

Stalkerware is a serious threat to individuals' privacy that is receiving increased attention from the security and privacy research communities. Existing works have largely focused on studying leading stalkerware apps, dual-purpose apps, monetization of stalkerware, or the experience of survivor...

Catwatchful “child monitoring” app exposes victims’ data

If an app markets itself as being for “child monitoring”, a customer might expect that their data and those of the person you’re monitoring is handled with the utmost care and respect. However, as we've seen many times before, stalkerware which is what monitoring software is known as apps have a...

CVE-2025-52926

In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user interface...

GHSA-5P2P-6G2C-HF7M spytrap-adb Omission of Security-relevant Information

In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user interface...

spytrap-adb Omission of Security-relevant Information

In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user interface...

DEBIAN-CVE-2025-52926

In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user interface...

CVE-2025-52926

In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user interface...

CVE-2025-52926

In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user interface...

UBUNTU-CVE-2025-52926

In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user interface...

CVE-2025-52926

In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user interface...

CVE-2025-52926

CVE-2025-52926 affects spytrap-adb prior to v0.3.5. The issue is an omission in the scan.rs UI where matches for known stalkerware are not rendered in the interactive user interface, reducing visibility of detected stalkerware within affected builds. The CVSS 3.1 base score is 2.7 (LOW) with LOCA...