This media is not supported in your browser
VIEW IN TELEGRAM
One-click Telegram IP address leak
https://www.bleepingcomputer.com/news/security/hidden-telegram-proxy-links-can-reveal-your-ip-address-in-one-click/
Video by @0x6rss
https://www.bleepingcomputer.com/news/security/hidden-telegram-proxy-links-can-reveal-your-ip-address-in-one-click/
Video by @0x6rss
β€14π3π2
Play Integrity API: How It Works & How to Bypass It
https://m4kr0.vercel.app/posts/play-integrity-api-how-it-works--how-to-bypass-it/
https://m4kr0.vercel.app/posts/play-integrity-api-how-it-works--how-to-bypass-it/
M4KR0 Blog
Play Integrity API: How It Works & How to Bypass It - M4KR0 Blog
What's Play Interity API and how to bypass it
β€13β‘4π΄2π1π1
Flutter SSL Bypass: How to Intercept HTTPS Traffic When all other Frida Scripts Fail
https://m4kr0.vercel.app/posts/flutter-ssl-bypass-how-to-intercept-https-traffic-when-all-other-frida-scripts-fail/
https://m4kr0.vercel.app/posts/flutter-ssl-bypass-how-to-intercept-https-traffic-when-all-other-frida-scripts-fail/
M4KR0 Blog
Flutter SSL Bypass: How to Intercept HTTPS Traffic When all other Frida Scripts Fail - M4KR0 Blog
my journey in intercepting HTTPS traffic from a APK based on Flutter
β€15π₯5π2
deVixor: An Evolving Android Banking RAT with Ransomware Capabilities Targeting Iran
https://cyble.com/blog/devixor-an-evolving-android-banking-rat-with-ransomware-capabilities-targeting-iran/
https://cyble.com/blog/devixor-an-evolving-android-banking-rat-with-ransomware-capabilities-targeting-iran/
Cyble
DeVixor: An Evolving Android Banking RAT With Ransomware Capabilities Targeting Iran - Cyble
Cyble analyzed deVixor, an advanced Android banking RAT with ransomware features actively targeting Iranian users.
β€12π3π€¬3π2π2
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
https://projectzero.google/2026/01/pixel-0-click-part-1.html
https://projectzero.google/2026/01/pixel-0-click-part-1.html
projectzero.google
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby - Project Zero
Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One ef...
π₯10β€2π1
A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
https://projectzero.google/2026/01/pixel-0-click-part-2.html
https://projectzero.google/2026/01/pixel-0-click-part-2.html
projectzero.google
A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave - Project Zero
With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the res...
π6π2
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
https://projectzero.google/2026/01/pixel-0-click-part-3.html
https://projectzero.google/2026/01/pixel-0-click-part-3.html
projectzero.google
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here? - Project Zero
While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our e...
π9π5β€1π€1
WhisperPair: Hijacking Bluetooth Accessories
Using Google Fast Pair.
You can also check if your device is vulnerable
https://whisperpair.eu/
Using Google Fast Pair.
You can also check if your device is vulnerable
https://whisperpair.eu/
whisperpair.eu
WhisperPair: Hijacking Bluetooth Accessories Using Google Fast Pair
WhisperPair is a family of practical attacks leveraging a flaw in the Google Fast Pair implementation on flagship audio accessories.
β€7π5π3
WPair: app for testing Bluetooth WhisperPair vulnerability in Google's Fast Pair protocol (CVE-2025-36911) https://github.com/zalexdev/wpair-app
GitHub
GitHub - zalexdev/wpair-app: WPair is a defensive security research tool that demonstrates the CVE-2025-36911 (eg WhisperPair)β¦
WPair is a defensive security research tool that demonstrates the CVE-2025-36911 (eg WhisperPair) vulnerability in Google's Fast Pair protocol. This vulnerability affects millions of Blueto...
π₯9β€6π4π€―2π2π1
Frida-based tool to dump decrypted iOS apps as .ipa from a jailbroken device supports App Store, sideloaded and system
https://github.com/lautarovculic/frida-ipa-extract
https://github.com/lautarovculic/frida-ipa-extract
GitHub
GitHub - lautarovculic/frida-ipa-extract: Robust Frida-based tool to dump decrypted iOS apps as .ipa from a jailbroken device supportsβ¦
Robust Frida-based tool to dump decrypted iOS apps as .ipa from a jailbroken device supports App Store, sideloaded and system. - lautarovculic/frida-ipa-extract
π10β€7π3π€£1
Analysis of CVE-2025-43529 (WebKit UAF) + CVE-2025-14174 (ANGLE OOB) exploit chain - iOS Safari
https://github.com/zeroxjf/WebKit-UAF-ANGLE-OOB-Analysis
https://github.com/zeroxjf/WebKit-UAF-ANGLE-OOB-Analysis
β€2π2π1
Firebase APK Security Scanner
Scan Android APKs for Firebase security misconfigurations including open databases, exposed storage buckets, and authentication bypasses
https://github.com/trailofbits/skills/tree/main/plugins/firebase-apk-scanner
Scan Android APKs for Firebase security misconfigurations including open databases, exposed storage buckets, and authentication bypasses
https://github.com/trailofbits/skills/tree/main/plugins/firebase-apk-scanner
GitHub
skills/plugins/firebase-apk-scanner at main Β· trailofbits/skills
Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows - trailofbits/skills
β€9π2
Android.Phantom trojans are bundled with modded games and popular apps to infiltrate smartphones. They use machine learning and video broadcasts to engage in click fraud
https://news.drweb.com/show/?i=15110&lng=en
https://news.drweb.com/show/?i=15110&lng=en
Dr.Web
Android.Phantom trojans are bundled with modded games and popular apps to infiltrate smartphones. They use machine learning andβ¦
Experts at the Doctor Web antivirus laboratory have discovered and investigated a new trojan clicker malware family. All of these trojans either are administered via the <span class="string">hxxps[:]//dllpgd[.]click</span> server or get downloaded and launchedβ¦
β€6π3