Paragon Graphite Leak: LinkedIn Photo Reveals Zero-Click Spyware Dashboard
Feb 24th 2026
A LinkedIn event photo posted in early February 2026 by Paragon Solutions' compliance officer appeared to show a live Graphite spyware dashboard with active intercept logs and controls for messaging apps, prompting renewed scrutiny of commercial spyware use and oversight.
- The LinkedIn photo, posted by Paragon compliance officer Reut Yamen, showed a dashboard marked with completed intercepts and a highlighted target labeled Valentina with a Czech phone number.
- Cybersecurity researchers who reviewed the image say the UI displayed alleged zero-click capabilities for WhatsApp, Signal, Telegram, Line, Snapchat and TikTok, plus toggles for microphone and camera access.
- Graphite is reported in prior coverage to have been used against journalists, activists and other civil society figures and to have been sold to government agencies in multiple countries.
- Technical details in the leak are consistent with device-centric zero-day exploitation that bypasses app sandboxes to capture messages and activate hardware on compromised phones.
- The incident underscores that operational security failures at surveillance vendors can expose active targeting and create new evidence for investigators.
- The exposure has renewed calls from privacy advocates and some policymakers for stricter rules, greater transparency and stronger enforcement around commercial spyware sales.