Remote Code Execution in Evernote for Android by misusing path traversal vulnerability
https://hackerone.com/reports/1377748

A short history of telephone hacking: from phreaking to mobile malware
https://bit-sentinel.com/a-short-history-of-telephone-hacking-from-phreaking-to-mobile-malware

New APT group APT-Q-43 (#VajraEleph) discovered targeting Pakistani military personnel via targeted SMS or WhatsApp messages using Android RAT #VajraSpy impersonates chat apps
https://mp.weixin.qq.com/s/B0ElRhbqLzs-wGQh79fTww

Here is a demo how a user can download malware on iPhone outside of App Store using configuration profile
https://youtu.be/zgDDI5RPubk

Analysis of 0-click iMessage exploit named FORCEDENTRY
Exploitation: By sending a .gif iMessage attachment (which was really a PDF) NSO were able to remotely trigger a heap buffer overflow in the ImageIO JBIG2 decoder
https://googleprojectzero.blogspot.com/2022/03/forcedentry-sandbox-escape.html

Update your iPhone
Apple patched two vulnerabilities have been exploited in the wild
CVE-2022-22675, the issue has been described as an out-of-bounds write vulnerability in an audio and video decoding component called AppleAVD that could allow an application to execute arbitrary code with kernel privileges
https://support.apple.com/en-us/HT213219

Complete dissection of an APK with a suspicious C2 Server
https://lab52.io/blog/complete-dissection-of-an-apk-with-a-suspicious-c2-server/

Fake e‑shops on the prowl for banking credentials using Android malware
https://www.welivesecurity.com/2022/04/06/fake-eshops-prowl-banking-credentials-android-malware/

Measurement SDK library (coelib.c.couluslibrary) implemented in various Android apps is responsible for collecting sensitive data such as Clipboard, GPS, Email, Phone Numbers, IMEI, SSID...
https://blog.appcensus.io/2022/04/06/the-curious-case-of-coulus-coelib/

Android SharkBot Banking Trojan Discovered On Google Play Store Hidden Behind 7 New Apps
https://research.checkpoint.com/2022/google-is-on-guard-sharks-shall-not-pass/

Start Arbitrary Activity App Components as the System User Vulnerability Affecting Samsung Android Devices (CVE-2022-22292)
https://www.kryptowire.com/blog/start-arbitrary-activity-app-components-as-the-system-user-vulnerability-affecting-samsung-android-devices/

iOS ASN.1 Vulnerability analysis (CVE-2021-30737) https://googleprojectzero.blogspot.com/2022/04/cve-2021-30737-xerubs-2021-ios-asn1.html

New Android banking trojan - Octo - is capable of on-device fraud via VNC was available on Google Play Store
https://threatfabric.com/blogs/octo-new-odf-banking-trojan.html

APT-C-23 Campaign Targeting Israeli Officials via malicious Android chat apps
https://www.cybereason.com/blog/operation-bearded-barbie-apt-c-23-campaign-targeting-israeli-officials

Android Pentesting Setup On Macbook M1

https://magarajay538.medium.com/android-pentesting-setup-on-macbook-m1-d2f1f0a8db4b

[Beetlebug Android CTF] an open source insecure Android app with CTF challenges for Android Penetesters and Bug Bounty hunters
https://github.com/hafiz-ng/Beetlebug

The State of Mobile Stalkerware in 2021
https://securelist.com/the-state-of-stalkerware-in-2021/106193/

Android Fakecall Banker: A Trojan that masquerades as a banking app and imitates phone conversations with bank employees
https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/

Lol, I am running Kali NetHunter on smartwatches TicWatch Pro

No wifi support so far, but HID and nmap works fine 😁
https://www.instagram.com/p/CcP1r1mF_RJ/

Step-by-step guide to reverse an APK protected with DexGuard using Jadx
https://blog.lexfo.fr/dexguard.html

Detailed analysis of Android Escobar bot
https://valsamaras.medium.com/escobars-bot-post-mortem-b6221196d6a4