0-click vulnerability in Dolby's DDPlus decoder affected Android (CVE-2025-54957)
A malformed audio file can trigger an out-of-bounds write due to integer overflow in evolution data handling—leading to memory corruption and crashes.
Android decodes audio messages locally, making this exploitable without user interaction.
Reproduction: Just send a crafted RCS voice message (dolby_android_crash.mp4)
Details: https://project-zero.issues.chromium.org/issues/428075495

https://codeberg.org/comaps/comaps/releases/tag/v2025.10.16-1

New CoMaps release are out!!!

https://github.com/micro5k/microg-unofficial-installer/releases/nightly

Also New Alpha nightly build!!!

Element X
A fast, secure, and privacy-focused messenger built on the open Matrix network.

Element X lets you stay connected with friends, family, and communities — all while keeping control of your data.

Features:
• Real-time messaging & video calls
• Public and private group chats
• Reactions, polls, pinned messages & more
• Video calling while browsing messages
• Works with other Matrix apps (FluffyChat, Cinny, etc.)
• Open source and ad-free

Privacy-first: No tracking, no data mining — your conversations are yours.

Own your data:
Host on Matrix.org or your own server for full control.

Download: https://element.io/app

Source code: https://github.com/vector-im/element-x-android

#messaging #Matrix

@foss_Android

UbuCon comes to India this November. Book your passes now! 🫶🇮🇳

https://news.itsfoss.com/events/first-ubucon-india/

Who knew a Raspberry Pi could be an AI assistant?

https://news.itsfoss.com/ubo-pod/

New Pixnapping Attack allows any Android app without permissions to leak info displayed by other apps exploiting Android APIs and a hardware side channel (CVE-2025-48561)
Pixnapping is not fixed and probably affects all Androids.
PoC: Not available yet.
Video demonstrates stealing 2FA codes from Google Authenticator. It's like taking screenshot. Pixnapping exploits a side channel that allows the malicious app to map the pixels at those coordinates to letters, numbers, or shapes.
Info: https://www.pixnapping.com/

APK Tool GUI: GUI for apktool, signapk, zipalign and baksmali utilities
https://github.com/AndnixSH/APKToolGUI

Chance

Imageboard browser built using Flutter intended for use on iOS and Android.

🔗 Links:
- Downtown
- Features
- Source code
Developer: Callum Moffat

❤️ Support the Project

If this project makes your life easier, here are a few quick ways to show some love:

⭐ Star the repo/app
☕ Buy a coffee for the developer
🛠 Contribute code, issues, or pull-requests

🏷 Tags: #Android #iOS #Media #Social

Yupp AI

Yupp.ai allows users to compare responses side by side by providing the same prompt to different AI models such as ChatGPT, Claude, and Gemini, rate their preferences based on criteria such as clarity, accuracy, or creativity, and provide feedback. This feedback is recorded in a blockchain-based secure environment, contributing to the continuous improvement of models through reinforcement learning. Users can earn "Yupp credits" in exchange for the quality feedback they provide, which can be used for new trials or converted into cash. This innovative platform offers both AI enthusiasts and developers a transparent, auditable, and rewarding AI evaluation experience.

🔗 Link:
- Website

🏷 Tags: #Website #AI

PIXEL INNOVATIVE STRIKES AGAIN!

🧑‍💻 @agamtechtricks

Firefox will render gradients properly now. Better late than never even if it takes 15 years.

https://fixvx.com/theo/status/1978161273214058786

What is Telegram doing? Doesn't it know the difference between a bot and a human?

https://news.itsfoss.com/telegram-unfair-community-ban/

GhostBat RAT: Inside the Resurgence of RTO-Themed Android Malware
https://cyble.com/blog/ghostbat-rat-inside-the-resurgence-of-rto-themed-android-malware/

⚠️ Heads-up! SAP just re-patched a critical CVSS 10.0 flaw (CVE-2025-42944) in NetWeaver AS Java — a deserialization bug that lets attackers execute commands without authentication.

Apply. The. Fix. → https://thehackernews.com/2025/10/new-sap-netweaver-bug-lets-attackers.html

🍪 A cookie that spawns a shell 💀

A critical flaw (CVE-2025-2611, CVSS 9.3) in ICTBroadcast autodialer software is under active exploitation.

Attackers inject commands via the BROADCAST session cookie for unauthenticated remote code execution.

No patch yet — check your stack → https://thehackernews.com/2025/10/hackers-target-ictbroadcast-servers-via.html

~200 servers are exposed.

🔥 Agentic AI isn’t just automating—it’s thinking and acting.

Zscaler’s CEO says it’s a bigger shift than cloud or IoT.

The upside? Faster support and instant threat response.
The risk? Rogue AIs scanning your network right now.

Learn why Zero Trust isn’t optional anymore → https://thehackernews.com/videos/2025/10/exploring-agentic-ai-innovation-meets.html