A Step-by-Step Guide to Uncovering Vulnerabilities in a Mobile App
https://ahmadaabdulla.medium.com/a-step-by-step-guide-to-uncovering-vulnerabilities-in-a-mobile-app-5a6b05e6b23b
https://ahmadaabdulla.medium.com/a-step-by-step-guide-to-uncovering-vulnerabilities-in-a-mobile-app-5a6b05e6b23b
Medium
A Step-by-Step Guide to Uncovering Vulnerabilities in a Mobile App
β€15π6π3
Android mental health apps are filled with security flaws
https://www.bleepingcomputer.com/news/security/android-mental-health-apps-with-147m-installs-filled-with-security-flaws/
https://www.bleepingcomputer.com/news/security/android-mental-health-apps-with-147m-installs-filled-with-security-flaws/
BleepingComputer
Android mental health apps with 14.7M installs filled with security flaws
Several mental health mobile apps with millions of downloads on Google Play contain security vulnerabilities that could expose users' sensitive medical information.
β€17π5π4π¨1
How Predator spyware defeats iOS recording indicators
https://www.jamf.com/blog/predator-spyware-ios-recording-indicator-bypass-analysis/
https://www.jamf.com/blog/predator-spyware-ios-recording-indicator-bypass-analysis/
Jamf
How Predator Spyware Defeats iOS Recording Indicators
An analysis documenting how a commercial spyware sample, Predator, operates post-compromise.
π13π€£3π3β€2π₯°1
How to run virtual iOS 26 iPhone on Apple Silicon Macs, built from Appleβs Private Cloud Compute firmware
https://github.com/wh1te4ever/super-tart-vphone-writeup
https://github.com/wh1te4ever/super-tart-vphone-writeup
GitHub
GitHub - wh1te4ever/super-tart-vphone-writeup
Contribute to wh1te4ever/super-tart-vphone-writeup development by creating an account on GitHub.
β€10π4π2
artifacts: CLI toolkit for static triage of suspicious APKs
https://github.com/drego85/artifacts
https://github.com/drego85/artifacts
GitHub
GitHub - drego85/artifacts: artifacts is a CLI toolkit for static triage of suspicious APKs.
artifacts is a CLI toolkit for static triage of suspicious APKs. - drego85/artifacts
β€8π3
Gadgetinjector: Frida Gadget injector for iOS 17 / iOS 18 IPAs, designed to work with Objection in listen mode
https://github.com/Saurabh221662/GadgetInjector
https://github.com/Saurabh221662/GadgetInjector
GitHub
GitHub - Saurabh221662/GadgetInjector
Contribute to Saurabh221662/GadgetInjector development by creating an account on GitHub.
π11β€3
Captures Android network traffic without proxies or certificates
https://github.com/ProxymanApp/atlantis-android
https://github.com/ProxymanApp/atlantis-android
GitHub
GitHub - ProxymanApp/atlantis-android: Capture HTTP/HTTPS traffic from Android apps and send to Proxyman for debugging.
Capture HTTP/HTTPS traffic from Android apps and send to Proxyman for debugging. - ProxymanApp/atlantis-android
β€13π2π€‘1
1 script to run the virtual iPhone (iOS 26.1), already jailbroken with full bootstrap installed on Mac
https://github.com/34306/vphone-aio
https://github.com/34306/vphone-aio
GitHub
GitHub - 34306/vphone-aio: 1 script run the vphone
1 script run the vphone. Contribute to 34306/vphone-aio development by creating an account on GitHub.
π23β€4π1
areclaw: Android Reverse Engineering CLI Automation Workspace. AI-driven security analysis with Claude Code.
https://github.com/TheQmaks/areclaw
https://github.com/TheQmaks/areclaw
GitHub
GitHub - TheQmaks/areclaw: Android Reverse Engineering Command-Line Automation Workspace. AI-driven security analysis with Claudeβ¦
Android Reverse Engineering Command-Line Automation Workspace. AI-driven security analysis with Claude Code. - TheQmaks/areclaw
π€‘8π6β€4π2π1π1
π΄ Weβre LIVE! Join the Mobile Hacking Conference Now.
Be part of the live stream and dive into the latest mobile security and hacking research
Join here: https://www.youtube.com/watch?v=yFROPsi6J7Y
Be part of the live stream and dive into the latest mobile security and hacking research
Join here: https://www.youtube.com/watch?v=yFROPsi6J7Y
YouTube
π΄ Live: Mobile Hacking Conference | Day 1 + CTF (Pt. 2)
β³ Video Chapters
00:00 - Practical Heap Exploitation Against Androidβs Scudo β Simon Janz - Q&A
44:42 - Breaking into Mobile Phones for Law Enforcement β Gersi Hajrullahi
1:49:29 - Evolution of NFC Threats β Lukas Stefanko
2:45:39 - KYC Security Review andβ¦
00:00 - Practical Heap Exploitation Against Androidβs Scudo β Simon Janz - Q&A
44:42 - Breaking into Mobile Phones for Law Enforcement β Gersi Hajrullahi
1:49:29 - Evolution of NFC Threats β Lukas Stefanko
2:45:39 - KYC Security Review andβ¦
π₯10
Coruna: Inside the Nation-State-Grade iOS Exploit Kit We've Been Tracking
https://iverify.io/blog/coruna-inside-the-nation-state-grade-ios-exploit-kit-we-ve-been-tracking
https://iverify.io/blog/coruna-inside-the-nation-state-grade-ios-exploit-kit-we-ve-been-tracking
iverify.io
Coruna: Inside the Nation-State-Grade iOS Exploit Kit We've Been Tracking
Google's 'Coruna' iOS exploit kit targets iPhones via 23 exploits. See how iVerify's research expands these findings & what it means for everyday users
π8β€3π₯3
π΄ Live: Mobile Hacking Conference | Day 2
https://www.youtube.com/watch?v=CfioCImyo1U
https://www.youtube.com/watch?v=CfioCImyo1U
YouTube
π΄ Live: Mobile Hacking Conference | Day 2
π Exclusive Security Training Deals (Limited Time)
Level up your Android security, exploitation & forensics skills with these special discounts π
β³ Video Chapters
00:00 - Intro & Giveaway Announcements
34:39 - Mobile Security Theater β MiΕosz Gaczkowskiβ¦
Level up your Android security, exploitation & forensics skills with these special discounts π
β³ Video Chapters
00:00 - Intro & Giveaway Announcements
34:39 - Mobile Security Theater β MiΕosz Gaczkowskiβ¦
β€11π5π2
RedAlert Trojan Campaign: Fake Emergency Alert App Spread via SMS Spoofing Israeli Home Front Command
https://www.cloudsek.com/blog/redalert-trojan-campaign-fake-emergency-alert-app-spread-via-sms-spoofing-israeli-home-front-command
https://www.cloudsek.com/blog/redalert-trojan-campaign-fake-emergency-alert-app-spread-via-sms-spoofing-israeli-home-front-command
Cloudsek
RedAlert Trojan Campaign: Fake Emergency Alert App Spread via SMS Spoofing Israeli Home Front Command | CloudSEK
CloudSEK has uncovered a malicious SMS spoofing campaign spreading a fake version of Israelβs βRed Alertβ emergency app amid the ongoing conflict. Disguised as a trusted warning platform, the trojanized Android app can steal SMS, contacts, and location dataβ¦
π7
Auto Frida v2.0: all-in-one Android security testing automation toolkit. Connect your device and let Auto Frida handle everything - from Frida installation to intelligent protection detection and bypass script generation
https://github.com/ommirkute/Auto-Frida
https://github.com/ommirkute/Auto-Frida
GitHub
GitHub - ommirkute/Auto-Frida: Auto Frida is a powerful, all-in-one automation toolkit that handles everything from Frida installationβ¦
Auto Frida is a powerful, all-in-one automation toolkit that handles everything from Frida installation to script injection. Zero manual setup required β just connect your device and start testing....
β€10π6π3
Mobile malware evolution in 2025
https://securelist.com/mobile-threat-report-2025/119076/
https://securelist.com/mobile-threat-report-2025/119076/
Securelist
The mobile threat landscape in 2025
Statistics on Android malware and the most notable mobile threats of 2025: preinstalled backdoors Keenadu and Triada, spyware Trojans, the Kimwolf IoT botnet, and Mamont banking Trojans.
π10β€1
Claude Code skill that automates Android APK decompilation and API endpoint extraction
https://github.com/SimoneAvogadro/android-reverse-engineering-skill
https://github.com/SimoneAvogadro/android-reverse-engineering-skill
GitHub
GitHub - SimoneAvogadro/android-reverse-engineering-skill: Claude Code skill to support Android app's reverse engineering
Claude Code skill to support Android app's reverse engineering - SimoneAvogadro/android-reverse-engineering-skill
π19β€3
AndroHunter: A comprehensive Android security research toolkit for bug bounty hunters and mobile penetration testers
https://github.com/ynsmroztas/AndroHunter
https://github.com/ynsmroztas/AndroHunter
GitHub
GitHub - ynsmroztas/AndroHunter: AndroHunter
AndroHunter. Contribute to ynsmroztas/AndroHunter development by creating an account on GitHub.
π9β€4
TAXISPY RAT : Analysis of TaxiSpy RAT β Russian Banking β Focused Android Malware with Full Remote Control
https://www.cyfirma.com/research/taxispy-rat-analysis-of-taxispy-rat-russian-banking-focused-android-malware-with-full-remote-control/
https://www.cyfirma.com/research/taxispy-rat-analysis-of-taxispy-rat-russian-banking-focused-android-malware-with-full-remote-control/
CYFIRMA
TAXISPY RAT : Analysis of TaxiSpy RAT - Russian Banking - Focused Android Malware with Full Remote Control - CYFIRMA
EXECUTIVE SUMMARY This report analyzes a highly sophisticated Android Banking Trojan with integrated Remote Access Trojan (RAT) functionality, specifically targeting...
π14
iOS DYLIB injection tool for non-jailbreak devices with remote sandbox explorer
Blog: https://medium.com/@testing-guy/dynamic-analysis-of-ios-local-data-storage-on-non-jailbroken-devices-2e1717420af0
Github: https://github.com/test1ng-guy/iOS-sandbox-explorer
Blog: https://medium.com/@testing-guy/dynamic-analysis-of-ios-local-data-storage-on-non-jailbroken-devices-2e1717420af0
Github: https://github.com/test1ng-guy/iOS-sandbox-explorer
Medium
Dynamic Analysis of iOS Local Data Storage on Non-Jailbroken Devices
How I stopped fighting jailbreak and frida detection and learned to love the sandbox
π13β€1
Frida Android Helper: Several commands to facilitate common Android pentesting tasks
https://github.com/secuworm2/frida-android-helper2
https://github.com/secuworm2/frida-android-helper2
GitHub
GitHub - secuworm2/frida-android-helper2: Frida Android utilities 2
Frida Android utilities 2. Contribute to secuworm2/frida-android-helper2 development by creating an account on GitHub.
π15β€2
BeatBanker: A dualβmode Android Trojan
https://securelist.com/beatbanker-miner-and-banker/119121/
https://securelist.com/beatbanker-miner-and-banker/119121/
Securelist
BeatBanker: both banker and miner for Android
Kaspersky researchers identified a new Android Trojan dubbed BeatBanker targeting Brazil, posing as government apps and Google Play Store, and capable of both crypto mining and stealing banking data.
π6β€3