A $300 Creative speaker can be hacked over Bluetooth (no pairing) to install malicious firmware and silently turn into a BadUSB keyboard that can take over a USB-connected PC.
Creative don’t consider it a vulnerability - it is not patched!
https://blog.nns.ee/2026/06/03/katana-badusb/
Pwnd Blaster: Hacking your PC using your speaker without ever touching it | nns.ee
Abusing an unauthenticated Bluetooth protocol to turn a PC speaker into a Rubber Ducky.
Android.MagicAd displays background ads without SYSTEM_ALERT_WINDOW.
Bypasses restrictions via system media controls abuse, vendor-specific intents, and Binder IPC abuse on Xiaomi/Vivo/Amazon devices. Distributed in 50+ apps via GetApps/Galaxy Store.
https://news.drweb.com/show/?i=15262&c=5&lng=en
Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps
https://thehackernews.com/2026/06/android-spyware-asin-targets-arabic.html
NFCShare evolves: from a banking phishing APK to a GitHub-hosted Android NFC fraud campaign
https://www.d3lab.net/nfcshare-evolves-from-a-banking-phishing-apk-to-a-github-hosted-android-nfc-fraud-campaign/
A new NFCShare Android malware campaign distributed through an Intesa Sanpaolo-themed phishing flow, short URLs, and GitHub-hosted APKs. The recent samples keep the same NFC card-theft logic but introduce stronger anti-analysis packaging, brand rotation,…
Tested the raw socket layer of a pre-production POS system. Found 4 critical/high vulnerabilities — including a replay attack, cross-merchant IDOR, ghost transactions, and card identity bypass
https://m4kr0.vercel.app/posts/iso-8583-under-fire-finding-vulnerabilities-in-a-payment-socket
ISO 8583 Under Fire: Finding Vulnerabilities in a Payment Socket - M4KR0 Blog
A hands-on walkthrough of security testing an ISO 8583 payment socket — from reversing the app and enabling hidden debug mode, to finding four critical vulnerabilities in the processor layer
FirefUXSS 0-day: Universal XSS in Firefox Focus for iOS via Redirect-Scheme Validation Race Condition - not patched yet
https://github.com/v12-security/pocs/tree/main/firefox
I tested the Nearby Glasses app to detect "spy" smart glasses - I explained why it is not working reliably and how the app can even be spoofed with fake Bluetooth signals
https://www.mobile-hacker.com/2026/06/14/smart-glasses-can-record-you-and-detecting-them-isnt-so-simple/
Smart Glasses Can Record You - And Detecting Them Isn’t So Simple - Mobile Hacker
Smart glasses with camera are becoming more common, fitting into everyday life. They look like normal sunglasses — but they can record video, capture audio, and take photos at any moment.
Local Privilege Escalation (LPE) vulnerability in MEmu Android Emulator 9.2.7.0 (CVE-2026-36213)
https://github.com/sec-zone/CVE-2026-36213
CVE-2026-36213 | Local Privilege Escalation in MEmu Android Emulator 9.2.7.0 via Insecure Service Binary Permissions | Patched in 9.3.2 - sec-zone/CVE-2026-36213
Rokarolla : Android Banker with Complete Device Takeover Capabilities
https://zimperium.com/blog/rokarolla-android-banker-with-complete-device-takeover-capabilities
[slides] OffensiveCon 2026: Tile-Based Deferred Rooting: When Your GPU Starts Rendering To Kernel Code Space! (CVE-2025-25180)
https://androidoffsec.withgoogle.com/slides/art_imagination_gpu_offensivecon_2026.pdf
Android reverse engineering entirely on-device. Radare2 binary analysis, 8 Java decompilers, Flutter & Unity il2cpp support
https://github.com/UltraSina/androidReverse