Paragon Spyware Dashboard Exposed in LinkedIn Post

Paragon Solutions is an Israeli spyware company headquartered in Tel Aviv, founded in 2019 by a group of former Israeli intelligence officers, including Ehud Schneorson (former commander of the elite Unit 8200 cyber intelligence unit), Idan Nurick (current CEO), Igor Bogudlov, Liad Avraham, and notably co-founder and board member Ehud Barak (former Israeli Prime Minister).

The company developed Graphite, a sophisticated tool designed to access encrypted messaging apps like WhatsApp and Signal on targeted devices, and positioned itself as a more “ethical” alternative to competitors like NSO Group by emphasizing safeguards against misuse and sales only to vetted government clients for lawful purposes, such as combating serious crime and national security threats.

In late 2024, Paragon was acquired by the U.S.-based private equity firm AE Industrial Partners for a deal reportedly valued between $450 million and $900 million, leading to its integration into the American cybersecurity firm RED Lattice and shifting ultimate ownership to this Florida-headquartered investment group. Is This new Florida company owned by Christians or Jews? Asking for a friend.

In a striking lapse of operational security within the highly secretive world of cyber surveillance, Israeli-based firm Paragon Solutions has found itself at the center of controversy following an accidental revelation on LinkedIn.

This incident, which unfolded on February 11, 2026, involved the posting of a sensitive screenshot that peeled back the curtain on the company’s Graphite spyware control panel—a sophisticated tool engineered specifically for intercepting encrypted communications on targeted devices. The exposure has ignited widespread alarm among cybersecurity experts, policymakers, and human rights advocates, highlighting the precarious balance between advanced surveillance technologies and the need for stringent secrecy in their deployment.

The Unintended Exposure via Social Media

The blunder originated from a LinkedIn post shared by Paragon’s general counsel, who inadvertently included a detailed screenshot of the Graphite control panel.

Captured on February 11, 2026, the image showcased real-time operational data, including a monitored Czech phone number cryptically labeled as “Valentina.”

This was the pivotal moment when a company unmasked the true reach of its invasive spyware tool. Paragon’s Graphite weapon targets journalists, activists, human rights defenders—and most critically, politicians, government ministers, opposition figures, and anyone seen as a potential challenge to the paying clients’ authority or agendas. Paragon isn’t merely a technology firm; it’s a full-scale surveillance production with options to black mail.

It appears Employee 1 and 2 work at Paragon, and could be the operators who uploaded the picture onto social media.

Accompanying this were interception logs dated February 10, 2026, which documented active surveillance activities. These logs revealed the panel’s advanced capabilities, such as exploiting zero-click vulnerabilities to infiltrate and monitor encrypted messaging platforms like WhatsApp without any user interaction required.

Although the post was promptly deleted in an apparent effort to mitigate the damage, the screenshot had already proliferated across online platforms, thanks to vigilant observers in the cybersecurity community. Notably, Dutch cybersecurity researcher Jurre van Bergen was among the first to spotlight the incident. In his detailed analysis, van Bergen dissected the dashboard’s interface, pointing out its features for tracking various applications, user accounts, and the status of ongoing communications. This unintended leak not only demystified the inner workings of Graphite but also underscored a fundamental vulnerability: even the most guarded tools in the spyware industry can be compromised through simple human error on public social networks.

Broader Implications for Security and Operational Integrity

The fallout from this exposure has been swift and severe, with prominent voices in the field labeling it a monumental failure in operational security (OPSEC).

John Scott-Railton, a senior researcher at the University of Toronto’s Citizen Lab—an organization renowned for its investigations into digital surveillance abuses—described the event as an “epic OPSEC fail.” This characterization captures the essence of the risk: in an industry where discretion is paramount, such a public slip-up can erode trust, expose methodologies to adversaries, and invite regulatory scrutiny.

Paragon’s Graphite spyware is often positioned as a more ethically refined alternative to infamous tools like the NSO Group’s Pegasus, which has been implicated in numerous high-profile abuses. Graphite is marketed with claims of built-in safeguards to prevent misuse, targeting only authorized governmental entities for lawful interceptions. However, this incident has amplified skepticism, fueling discussions about whether these tools can ever be truly contained or if they inherently pose risks to privacy and civil liberties. The spyware sector, already under intense global watch due to its potential for authoritarian overreach, now faces heightened calls for transparency and accountability.

International Ramifications

The revelations extend beyond this single mishap, tying into a broader pattern of concerns surrounding Paragon’s operations. As early as 2025, allegations emerged that the company had leveraged zero-click exploits to surveil journalists and activists. A notable case involved Italian editor Francesco Cancellato, whose device showed signs of infection traced back to Paragon’s infrastructure. Forensic analysis by Citizen Lab identified distinctive markers, such as the term “BIGPRETZEL,” embedded in the compromised systems, further linking the spyware to Israeli origins.

Paragon’s client list reportedly encompasses a range of international governments, including those from Australia, Canada, Cyprus, Denmark, Israel, and Singapore. In a particularly eyebrow-raising development, the United States government disclosed in January 2025 that it had acquired Graphite for use by Immigration and Customs Enforcement (ICE) in targeted operations. These deployments have sparked significant human rights alarms, especially in jurisdictions like Canada and Italy, where evidence suggests the tool has been used to monitor dissidents, journalists, and political activists without adequate oversight.

This LinkedIn incident serves as a stark reminder of the inherent challenges in the spyware industry. While Paragon maintains that its products are sold exclusively to vetted governmental clients for legitimate purposes, recurring controversies—including this exposure and prior WhatsApp-related accusations—undermine such assurances. It prompts a critical examination of ethical frameworks in cyber surveillance, urging stakeholders to reconsider the proliferation of tools that can so easily blur the lines between security and invasion. As the digital landscape evolves, incidents like these may catalyze stronger international regulations to curb potential abuses and ensure that technological advancements do not come at the expense of fundamental rights.

ICE Gains Access to Paragon Graphite Phone-Hacking Tool

The U.S. Immigration and Customs Enforcement (ICE) has reinstated a controversial $2 million contract with Paragon Solutions to acquire its advanced Graphite spyware, originally developed by the Israeli-founded company. The deal, first signed in September 2024 under the Biden administration, was paused due to concerns over compliance with Executive Order 14093, which restricts federal use of commercial spyware posing national security risks or enabling human rights abuses—particularly after Graphite was linked to misuse abroad, including a 2025 Italian campaign targeting journalists, activists, and humanitarian workers, as well as a disrupted WhatsApp hacking attempt.

The contract was revived in late August 2025 following Paragon’s acquisition by Florida-based private equity firm AE Industrial Partners and its merger into Virginia-based cybersecurity company REDLattice, reclassifying it as U.S.-owned and circumventing foreign-origin restrictions. Graphite provides powerful capabilities, including zero-click infiltration of smartphones to access encrypted apps like WhatsApp and Signal, extract messages, photos, emails, and documents, activate microphones for live audio surveillance, and access cloud backups—raising alarms from civil liberties groups, privacy advocates, and lawmakers about potential misuse for mass immigrant monitoring, suppression of dissent, or violations of civil rights amid ICE’s expanded surveillance efforts under the current administration.