ipsw: command-line framework for analyzing Apple firmware and interacting with iOS devices
https://github.com/blacktop/ipsw
GitHub
GitHub - blacktop/ipsw: iOS/macOS Research Swiss Army Knife
iOS/macOS Research Swiss Army Knife. Contribute to blacktop/ipsw development by creating an account on GitHub.
Frogblight: New Android banker targets Turkish users
https://securelist.com/frogblight-banker/118440/
Securelist
Frogblight banking Trojan targets Android users in Turkey
Kaspersky researchers have discovered a new Android banking Trojan targeting Turkish users and posing as an app for accessing court case files via an official government webpage. The malware is being actively developed and may become MaaS in the future.
Cellik - A New Android RAT With Play Store Integration
https://iverify.io/blog/meet-cellik---a-new-android-rat-with-play-store-integration
iverify.io
Meet Cellik - A New Android RAT With Play Store Integration
Discover how Cellik Android RAT enables full device surveillance with live screen access, keylogging, app injection, and Play Store APK wrapping.
Kimwolf Botnet Hacked 1.8 Million Android TVs, Launched DDoS Attacks, Proxy
https://blog.xlab.qianxin.com/kimwolf-botnet-en/
奇安信 X 实验室
Kimwolf Exposed: The Massive Android Botnet with 1.8 Million Infected Devices
Background
On October 24, 2025, a trusted partner in the security community provided us with a brand-new botnet sample. The most distinctive feature of this sample was its C2 domain, 14emeliaterracewestroxburyma02132[.]su, which at the time ranked 2nd in…
Kimsuky Distributing Malicious Mobile App via QR Code
https://www.enki.co.kr/en/media-center/blog/kimsuky-distributing-malicious-mobile-app-via-qr-code
www.enki.co.kr
Kimsuky Distributing Malicious Mobile App via QR Code | Enki White Hat
Analysis of CVE-2025-31200, a zero-day, zero-click RCE in iOS. Triggered by a malicious audio file via iMessage/SMS. Exploitation bypassed Blastdoor, enabled kernel escalation (CVE-2025-31201), and allowed token theft until patched in iOS 18.4.1 (Apr 16, 2025)
https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201
GitHub
GitHub - JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201: CVE-2025-31200 is a zero-day, zero-click RCE in iOS CoreAudio’s…
CVE-2025-31200 is a zero-day, zero-click RCE in iOS CoreAudio’s AudioConverterService, triggered by a malicious audio file via iMessage/SMS. Exploitation bypassed Blastdoor, enabled kernel escalati...
CVE-2025-38352 - In-the-wild Android Kernel Vulnerability Analysis + PoC
https://faith2dxy.xyz/2025-12-22/cve_2025_38352_analysis/
PoC: https://github.com/farazsth98/poc-CVE-2025-38352
faith2dxy.xyz
CVE-2025-38352 (Part 1) - In-the-wild Android Kernel Vulnerability Analysis + PoC
Part 1 (This blog post) - In-the-wild Android Kernel Vulnerability Analysis + PoC Part 2 - Extending The Race Window Without a Kernel Patch CVE-2025-38352 was a…
A New Stage in the Evolution of Android SMS Stealers in Uzbekistan
https://www.group-ib.com/blog/mobile-malware-uzbekistan/
Group-IB
Choose Your Fighter: A New Stage in the Evolution of Android SMS Stealers in Uzbekistan
Group-IB analyzes the evolution of Android malware in Uzbekistan, revealing advanced droppers, encrypted payload delivery, anti-analysis techniques, and Wonderland’s bidirectional SMS-stealing capabilities driving large-scale financial fraud.
DNGerousLINK: A Deep Dive into WhatsApp 0-Click Exploits on iOS and Samsung Devices (CVE-2025-55177, CVE-2025-43300)
https://media.ccc.de/v/39c3-dngerouslink-a-deep-dive-into-whatsapp-0-click-exploits-on-ios-and-samsung-devices
media.ccc.de
DNGerousLINK
The spyware attack targeting WhatsApp, disclosed in August as an in-the-wild exploit, garnered significant attention. By simply knowing a...
Android reverse engineering and malware analysis notes
https://www.notion.so/Reverse-Engineering-8f11869a35fa4832a01896f1b503261f
https://www.notion.so/Malware-Analysis-e1006868cce24a769e0ca4349b87ef31
Secure's Notion on Notion
Reverse Engineering | Notion
@Android Internals Review
Android kernel exploit for CVE-2025-38352, previously exploited in-the-wild. Targets vulnerable Linux kernels v5.10.x.
https://github.com/farazsth98/chronomaly
GitHub
GitHub - farazsth98/chronomaly: Android kernel exploit for CVE-2025-38352, previously exploited in-the-wild. Targets vulnerable…
Android kernel exploit for CVE-2025-38352, previously exploited in-the-wild. Targets vulnerable Linux kernels v5.10.x. - farazsth98/chronomaly
Read, write, and emulate NFC cards on jailbroken iPhones
https://github.com/OwnGoalStudio/TrollNFC/
GitHub
GitHub - OwnGoalStudio/TrollNFC: A versatile tool for reading, writing, managing, and emulating NFC cards on your iPhone.
A versatile tool for reading, writing, managing, and emulating NFC cards on your iPhone. - OwnGoalStudio/TrollNFC
WhatsApp Vulnerabilities Leaked Users’ Metadata Including Device’s Operating System Details
https://medium.com/@TalBeerySec/whatsapp-silent-fix-of-device-fingerprinting-privacy-issue-assessment-the-good-the-not-so-bad-9127b5215e28
Medium
WhatsApp Silent Fix of Device Fingerprinting Privacy Issue Assessment: The Good, The (Not So) Bad…
TL;DR: Using our research tool, we discovered that WhatsApp is silently implementing fixes for device fingerprinting privacy…
Predator iOS Malware: Building a Surveillance Framework - Part 1
https://blog.reversesociety.co/blog/2025/predator-ios-malware-surveillance-framework-part-1
blog.reversesociety.co
Predator iOS Malware: Building a Surveillance Framework - Part 1 | Reverse Society
How does Predator spyware transform from running code into active surveillance? This technical deep-dive reverse-engineers the internal factory architecture that dynamically creates camera monitoring, VoIP interception, and keylogging modules through Unix…
Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android NFC Malware
https://www.group-ib.com/blog/ghost-tapped-chinese-malware/
Group-IB
Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android Malware
Group-IB researchers detail the inner workings of Chinese tap-to-pay schemes on Telegram and examine the NFC-enabled Android apps fraudsters are using to steal money from victim’s bank cards and mobile wallets remotely.
Droid LLM Hunter is a tool to scan for vulnerabilities in Android applications using Large Language Models (LLMs)
https://github.com/roomkangali/droid-llm-hunter
GitHub
GitHub - roomkangali/droid-llm-hunter: Droid LLM Hunter is a tool to scan for vulnerabilities in Android applications using Large…
Droid LLM Hunter is a tool to scan for vulnerabilities in Android applications using Large Language Models (LLMs). - GitHub - roomkangali/droid-llm-hunter: Droid LLM Hunter is a tool to scan for ...