Analysis of CVE-2025-31200, a zero-day, zero-click RCE in iOS. Triggered by a malicious audio file via iMessage/SMS. Exploitation bypassed Blastdoor, enabled kernel escalation (CVE-2025-31201), and allowed token theft until patched in iOS 18.4.1 (Apr 16, 2025)
https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201
https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201
GitHub
GitHub - JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201: CVE-2025-31200 is a zero-day, zero-click RCE in iOS CoreAudioβsβ¦
CVE-2025-31200 is a zero-day, zero-click RCE in iOS CoreAudioβs AudioConverterService, triggered by a malicious audio file via iMessage/SMS. Exploitation bypassed Blastdoor, enabled kernel escalati...
π₯13π5π2β€1
CVE-2025-38352 - In-the-wild Android Kernel Vulnerability Analysis + PoC
https://faith2dxy.xyz/2025-12-22/cve_2025_38352_analysis/
PoC: https://github.com/farazsth98/poc-CVE-2025-38352
https://faith2dxy.xyz/2025-12-22/cve_2025_38352_analysis/
PoC: https://github.com/farazsth98/poc-CVE-2025-38352
faith2dxy.xyz
CVE-2025-38352 (Part 1) - In-the-wild Android Kernel Vulnerability Analysis + PoC
Part 1 (This blog post) - In-the-wild Android Kernel Vulnerability Analysis + PoC Part 2 - Extending The Race Window Without a Kernel Patch CVE-2025-38352 was aβ¦
β‘7π4πΎ3π₯1
A New Stage in the Evolution of Android SMS Stealers in Uzbekistan
https://www.group-ib.com/blog/mobile-malware-uzbekistan/
https://www.group-ib.com/blog/mobile-malware-uzbekistan/
Group-IB
Choose Your Fighter: A New Stage in the Evolution of Android SMS Stealers in Uzbekistan
Group-IB analyzes the evolution of Android malware in Uzbekistan, revealing advanced droppers, encrypted payload delivery, anti-analysis techniques, and Wonderlandβs bidirectional SMS-stealing capabilities driving large-scale financial fraud.
β€6π5π₯3
DNGerousLINK: A Deep Dive into WhatsApp 0-Click Exploits on iOS and Samsung Devices (CVE-2025-55177, CVE-2025-43300)
https://media.ccc.de/v/39c3-dngerouslink-a-deep-dive-into-whatsapp-0-click-exploits-on-ios-and-samsung-devices
https://media.ccc.de/v/39c3-dngerouslink-a-deep-dive-into-whatsapp-0-click-exploits-on-ios-and-samsung-devices
media.ccc.de
DNGerousLINK
The spyware attack targeting WhatsApp, disclosed in August as an in-the-wild exploit, garnered significant attention. By simply knowing a...
π13π₯6β€3π2
Android revers engineering and malware analysis notes
https://www.notion.so/Reverse-Engineering-8f11869a35fa4832a01896f1b503261f
https://www.notion.so/Malware-Analysis-e1006868cce24a769e0ca4349b87ef31
https://www.notion.so/Reverse-Engineering-8f11869a35fa4832a01896f1b503261f
https://www.notion.so/Malware-Analysis-e1006868cce24a769e0ca4349b87ef31
Secure's Notion on Notion
Reverse Engineering | Notion
@Android Internals Review
β€17π₯9π5
Android kernel exploit for CVE-2025-38352, previously exploited in-the-wild. Targets vulnerable Linux kernels v5.10.x.
https://github.com/farazsth98/chronomaly
https://github.com/farazsth98/chronomaly
GitHub
GitHub - farazsth98/chronomaly: Android kernel exploit for CVE-2025-38352, previously exploited in-the-wild. Targets vulnerableβ¦
Android kernel exploit for CVE-2025-38352, previously exploited in-the-wild. Targets vulnerable Linux kernels v5.10.x. - farazsth98/chronomaly
π9β€4π4π1
Read, write, and emulate NFC cards on jailbroken iPhones
https://github.com/OwnGoalStudio/TrollNFC/
https://github.com/OwnGoalStudio/TrollNFC/
GitHub
GitHub - OwnGoalStudio/TrollNFC: A versatile tool for reading, writing, managing, and emulating NFC cards on your iPhone.
A versatile tool for reading, writing, managing, and emulating NFC cards on your iPhone. - OwnGoalStudio/TrollNFC
π12π€‘1π1
WhatsApp Vulnerabilities Leaked Usersβ Metadata Including Deviceβs Operating System Details
https://medium.com/@TalBeerySec/whatsapp-silent-fix-of-device-fingerprinting-privacy-issue-assessment-the-good-the-not-so-bad-9127b5215e28
https://medium.com/@TalBeerySec/whatsapp-silent-fix-of-device-fingerprinting-privacy-issue-assessment-the-good-the-not-so-bad-9127b5215e28
Medium
WhatsApp Silent Fix of Device Fingerprinting Privacy Issue Assessment: The Good, The (Not So) Badβ¦
TL;DR: Using our research tool, we discovered that WhatsApp is silently implementing fixes for device fingerprinting privacyβ¦
π17
Predator iOS Malware: Building a Surveillance Framework - Part 1
https://blog.reversesociety.co/blog/2025/predator-ios-malware-surveillance-framework-part-1
https://blog.reversesociety.co/blog/2025/predator-ios-malware-surveillance-framework-part-1
blog.reversesociety.co
Predator iOS Malware: Building a Surveillance Framework - Part 1 | Reverse Society
How does Predator spyware transform from running code into active surveillance? This technical deep-dive reverse-engineers the internal factory architecture that dynamically creates camera monitoring, VoIP interception, and keylogging modules through Unixβ¦
π10
Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android NFC Malware
https://www.group-ib.com/blog/ghost-tapped-chinese-malware/
https://www.group-ib.com/blog/ghost-tapped-chinese-malware/
Group-IB
Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android Malware
Group-IB researchers detail the inner workings of Chinese tap-to-pay schemes on Telegram and examine the NFC-enabled Android apps fraudsters are using to steal money from victimβs bank cards and mobile wallets remotely.
π13β€2
Droid LLM Hunter is a tool to scan for vulnerabilities in Android applications using Large Language Models (LLMs)
https://github.com/roomkangali/droid-llm-hunter
https://github.com/roomkangali/droid-llm-hunter
GitHub
GitHub - roomkangali/droid-llm-hunter: Droid LLM Hunter is a tool to scan for vulnerabilities in Android applications using Largeβ¦
Droid LLM Hunter is a tool to scan for vulnerabilities in Android applications using Large Language Models (LLMs). - GitHub - roomkangali/droid-llm-hunter: Droid LLM Hunter is a tool to scan for ...
π₯8π1
Dalvik bytecode emulator for Android static analysis | String decryption | Multi-DEX | No Android runtime required
https://github.com/fatalSec/DaliVM
https://github.com/fatalSec/DaliVM
GitHub
GitHub - fatalSec/DaliVM: Dalvik bytecode emulator for Android static analysis | String decryption | Multi-DEX | No Android runtimeβ¦
Dalvik bytecode emulator for Android static analysis | String decryption | Multi-DEX | No Android runtime required - fatalSec/DaliVM
π15β€2
Frida-UI: Interact with Frida devices, processes, and scripts directly from your browser
https://github.com/adityatelange/frida-ui
https://github.com/adityatelange/frida-ui
GitHub
GitHub - adityatelange/frida-ui: Interact with Frida devices, processes, and scripts directly from your browser.
Interact with Frida devices, processes, and scripts directly from your browser. - adityatelange/frida-ui
π3