{"id":58932,"date":"2025-07-06T20:10:13","date_gmt":"2025-07-06T20:10:13","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\/"},"modified":"2025-07-06T20:10:13","modified_gmt":"2025-07-06T20:10:13","slug":"stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\/","title":{"rendered":"Stalkerware firm gets scooped by SQL-slinging security snoop"},"content":{"rendered":"<p><span class=\"label\">Infosec In Brief<\/span> A security researcher looking at samples of stalkerware discovered an SQL vulnerability that allowed him to steal a database of 62,000 user accounts.&nbsp;<\/p>\n<p>Eric Daigle published a <a href=\"https:\/\/ericdaigle.ca\/posts\/taking-over-60k-spyware-user-accounts\/\" rel=\"nofollow\">blog post<\/a> this week detailing how he found a piece of stalkerware he wasn&#8217;t familiar with, Catwatchful, and then quickly proceeded to pwn it into temporary oblivion.&nbsp;<\/p>\n<p>Stalkerware or spyware is a form of software used to track people&#8217;s computer activity. It is typically installed by parents, spouses, or employers with physical access to the user&#8217;s computer, and tends to be undetectable and very hard to remove. The number of stalkerware installations has been <a href=\"https:\/\/www.theregister.com\/2024\/03\/20\/stalkerware_usage_surging_despite_data\/\">steadily on the rise<\/a>, even as it&#8217;s repeatedly been <a href=\"https:\/\/www.theregister.com\/2024\/07\/15\/infosec_roundup\/\">breached<\/a> by online vigilantes and security researchers.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aGshiPzG5Zce7qgdgWNcyAAAAVA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aGshiPzG5Zce7qgdgWNcyAAAAVA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>According to Daigle, Catwatchful is a spyware kit that promises to be undetectable and unstoppable, with only the controller able to make use of it on an infected device or delete it. While it &#8220;works really well&#8221; for its intended purpose, Daigle also noted that Catwatchful made two POST requests to separate servers when he tried to log into the app.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aGshiPzG5Zce7qgdgWNcyAAAAVA&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aGshiPzG5Zce7qgdgWNcyAAAAVA&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33aGshiPzG5Zce7qgdgWNcyAAAAVA&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33aGshiPzG5Zce7qgdgWNcyAAAAVA&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>One of the two servers, it turned out, had no appreciable security system installed, allowing Daigle to copy plaintext login details for all 62,000 Catwatchful accounts in the group&#8217;s system, including the administrator&#8217;s. Oops.&nbsp;<\/p>\n<p>Working with reporters from TechCrunch, Daigle even managed to help <a href=\"https:\/\/techcrunch.com\/2025\/07\/02\/data-breach-reveals-catwatchful-stalkerware-spying-on-thousands-android-phones\/\" rel=\"nofollow\">identify<\/a> the alleged administrator of Catwatchful, as well as get its hosters to take it down.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aGshiPzG5Zce7qgdgWNcyAAAAVA&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aGshiPzG5Zce7qgdgWNcyAAAAVA&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Unfortunately for its stalkees, Catwatchful has remained online as of this week, Daigle says, with temporary sites stood up to replace seized domains, and patches deployed to address the SQLI vulnerability.&nbsp;<\/p>\n<div class=\"boxout\" readability=\"15.187301587302\">\n<h3 class=\"crosshead\">Critical vulnerabilities of the week: Chrome zero day patched<\/h3>\n<p>Google moved fast this week to <a href=\"https:\/\/chromereleases.googleblog.com\/2025\/06\/stable-channel-update-for-desktop_30.html\" rel=\"nofollow\">patch<\/a> a zero-day in the V8 JavaScript engine after it was found being exploited in the wild, so don&#8217;t skip this stable channel update for Chrome Desktop on Windows, Mac, and Linux.&nbsp;<\/p>\n<p>The patch addresses <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-6554\" rel=\"nofollow\">CVE-2025-6554<\/a> (CVSS 8.1), a type of confusion vulnerability in V8 that allows a remote attacker to perform an arbitrary read\/write via a specially-crafted HTML item.&nbsp;<\/p>\n<p>Elsewhere:<\/p>\n<ul>\n<li>CVSS 9.6 &#8211; <a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2024-45347\" rel=\"nofollow\">CVE-2024-45347<\/a>: Xiaomi Mi Connect Service APP contains a logic flaw that can allow an attacker to gain unauthorized access to a victim&#8217;s device.<\/li>\n<\/ul>\n<\/div>\n<h3 class=\"crosshead\">Another Swiss government partner gets ransomed<\/h3>\n<p>The Swiss government <a href=\"https:\/\/www.news.admin.ch\/en\/newnsb\/T5AZeWNEPFGe\" rel=\"nofollow\">said<\/a> this week that the Radix foundation, an NGO dedicated to healthcare promotion, was hit by ransomware. Given Radix counts a number of government agencies among its customers, the government saw fit to report the matter even though no government data was stolen.&nbsp;<\/p>\n<p>&#8220;As Radix has no direct access to Federal Administration systems, the attackers did not gain entry to these systems at any time,&#8221; the Swiss government said &#8211; but government data on Radix&#8217;s own systems isn&#8217;t necessarily safe, mind you.&nbsp;<\/p>\n<p>While it hasn&#8217;t shared how many government documents may have been exposed this time around, it could be a sizable amount. The Play ransomware gang hit a Swiss government IT supplier last year and made off with some <a href=\"https:\/\/www.theregister.com\/2024\/03\/08\/swiss_government_files_ransomware\/\">65,000 government files<\/a> among more than a million more stolen from the biz.&nbsp;<\/p>\n<h3 class=\"crosshead\">IDE extension verification is easy to spoof, say researchers<\/h3>\n<p>Software supply chain security is a critical part of modern cyber hygiene, and that includes verification of extensions used in IDEs. Unfortunately it&#8217;s easy to spoof such verification in several top IDEs, researchers from OX security <a href=\"https:\/\/www.ox.security\/can-you-trust-that-verified-symbol-exploiting-ide-extensions-is-easier-than-it-should-be\/\" rel=\"nofollow\">claim<\/a>.<\/p>\n<p>Research from the OX team, makers of application-level security products, published research this week showing that verification in VSCode, Visual Studio and IntelliJ IDEA can all be spoofed, allowing for a malicious IDE extension to pass itself off as a trustworthy one.&nbsp;<\/p>\n<p>&#8220;The ability to inject malicious code into extensions, package them as VSIX\/ZIP files, and install them while maintaining the verified symbols across multiple major development platforms poses a serious risk,&#8221; the OX team said.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33aGshiPzG5Zce7qgdgWNcyAAAAVA&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33aGshiPzG5Zce7qgdgWNcyAAAAVA&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>With verification marks no longer sufficient to judge authenticity of IDE packages, OX recommends only installing extensions directly from official marketplaces rather than from files, while extension developers and IDE makers should be sure there are multiple methods of extension signing available to ensure file security.&nbsp;<\/p>\n<h3 class=\"crosshead\">It wouldn&#8217;t be a roundup without a healthcare breach<\/h3>\n<p>Healthcare providers are frequently targeted by data thieves, and for good reason: They&#8217;re soft targets, they possess valuable PII, and they <a href=\"https:\/\/www.theregister.com\/2022\/06\/03\/healthcare-ransomware-pay-sophos\/\">often pay up<\/a> in the case of ransomware. This week&#8217;s entrant involves US player Esse Health, based in St Louis, Missouri.&nbsp;<\/p>\n<p>Esse <a href=\"https:\/\/www.maine.gov\/agviewer\/content\/ag\/985235c7-cb95-4be2-8792-a1252b4f8318\/2374dd24-9fb6-41bf-ab1f-ce11920ffeb3.html\" rel=\"nofollow\">began<\/a> letting customers know this week that it had been breached in April, and that data belonging to some 263,601 people was possibly stolen. Data included names, addresses, dates of birth and healthcare information &#8211; all the usual stuff &#8211; though luckily medical records themselves weren&#8217;t stolen.&nbsp;<\/p>\n<p><a href=\"https:\/\/www.hipaajournal.com\/esse-health-cyberattack\/\" rel=\"nofollow\">Reports<\/a> from shortly after indicate the attack affected Esse phone systems and forced offices to cancel some appointments due to other outages.&nbsp;<\/p>\n<p>As is often the case, customers in the firing line are being given some free identity protection service, and the assurance that none of their data has been misused in any way Esse can tell \u2013 at least not yet.&nbsp;<\/p>\n<h3 class=\"crosshead\">CVE program begs you to help it help itself<\/h3>\n<p>Things have been a bit perilous for the Common Vulnerabilities and Exposure of late, with the Trump administration letting funding for the program expire until it was saved, for a moment, via a <a href=\"https:\/\/www.theregister.com\/2025\/04\/16\/cve_program_funding_save\/\">temporary contract extension<\/a>. CVE board members were <a href=\"https:\/\/www.theregister.com\/2025\/04\/25\/cve_board_funding\/\">reportedly<\/a> kept in the dark about the end of the program, and now Congress wants a review of the program to check for <a href=\"https:\/\/www.theregister.com\/2025\/06\/15\/cybersecurity_news_in_brief\/\">mismanagement<\/a>.&nbsp;<\/p>\n<p>In other words, there&#8217;s enough to do without thinking about how the CVE program might be improved if it doesn&#8217;t vanish down the memory hole, which is where you, dear infosec professional, come in.&nbsp;<\/p>\n<p>The CVE Program has created a pair of working groups, one for <a href=\"https:\/\/www.cve.org\/Media\/News\/item\/news\/2025\/07\/01\/CVE-Program-Adds-Researcher-WG-for-CNAs\" rel=\"nofollow\">security researchers<\/a> at CVE numbering authorities (CNAs) and another for <a href=\"https:\/\/www.cve.org\/Media\/News\/item\/news\/2025\/07\/01\/New-CVE-Consumer-WG\" rel=\"nofollow\">consumers<\/a>, which includes basically everyone else.&nbsp;<\/p>\n<p>Research Working Group members will be working to establish research norms and advising other members of the research community with an aim to &#8220;promote the CVE program,&#8221; while consumers will work to identify what users of the CVE system want and need &#8220;to ensure that the CVE Program remains aligned with real-world use cases.&#8221;<\/p>\n<p>Make your voice heard at the links above.&nbsp;\u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2025\/07\/06\/infosec_roundup\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Also, Swiss ransomware posture looks like its cheese, the CVE Program wants YOU, more sus checks and more Infosec In Brief\u00a0 A security researcher looking at samples of stalkerware discovered an SQL vulnerability that allowed him to steal a database of 62,000 user accounts.\u00a0\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-58932","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Stalkerware firm gets scooped by SQL-slinging security snoop 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Stalkerware firm gets scooped by SQL-slinging security snoop 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-06T20:10:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aGshiPzG5Zce7qgdgWNcyAAAAVA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Stalkerware firm gets scooped by SQL-slinging security snoop\",\"datePublished\":\"2025-07-06T20:10:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\\\/\"},\"wordCount\":1090,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aGshiPzG5Zce7qgdgWNcyAAAAVA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\\\/\",\"name\":\"Stalkerware firm gets scooped by SQL-slinging security snoop 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aGshiPzG5Zce7qgdgWNcyAAAAVA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2025-07-06T20:10:13+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aGshiPzG5Zce7qgdgWNcyAAAAVA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aGshiPzG5Zce7qgdgWNcyAAAAVA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Stalkerware firm gets scooped by SQL-slinging security snoop\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Stalkerware firm gets scooped by SQL-slinging security snoop 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\/","og_locale":"en_US","og_type":"article","og_title":"Stalkerware firm gets scooped by SQL-slinging security snoop 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2025-07-06T20:10:13+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aGshiPzG5Zce7qgdgWNcyAAAAVA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Stalkerware firm gets scooped by SQL-slinging security snoop","datePublished":"2025-07-06T20:10:13+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\/"},"wordCount":1090,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aGshiPzG5Zce7qgdgWNcyAAAAVA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\/","url":"https:\/\/www.threatshub.org\/blog\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\/","name":"Stalkerware firm gets scooped by SQL-slinging security snoop 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aGshiPzG5Zce7qgdgWNcyAAAAVA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2025-07-06T20:10:13+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aGshiPzG5Zce7qgdgWNcyAAAAVA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aGshiPzG5Zce7qgdgWNcyAAAAVA&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/stalkerware-firm-gets-scooped-by-sql-slinging-security-snoop\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Stalkerware firm gets scooped by SQL-slinging security snoop"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/58932","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=58932"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/58932\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=58932"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=58932"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=58932"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}