Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps
https://thehackernews.com/2026/06/android-spyware-asin-targets-arabic.html
https://thehackernews.com/2026/06/android-spyware-asin-targets-arabic.html
โค9๐คฎ9โก6
NFCShare evolves: from a banking phishing APK to a GitHub-hosted Android NFC fraud campaign
https://www.d3lab.net/nfcshare-evolves-from-a-banking-phishing-apk-to-a-github-hosted-android-nfc-fraud-campaign/
https://www.d3lab.net/nfcshare-evolves-from-a-banking-phishing-apk-to-a-github-hosted-android-nfc-fraud-campaign/
D3Lab
NFCShare evolves: from a banking phishing APK to a GitHub-hosted Android NFC fraud campaign
A new NFCShare Android malware campaign distributed through an Intesa Sanpaolo-themed phishing flow, short URLs, and GitHub-hosted APKs. The recent samples keep the same NFC card-theft logic but introduce stronger anti-analysis packaging, brand rotation,โฆ
๐14
Tested the raw socket layer of a pre-production POS system. Found 4 critical/high vulnerabilities โ including a replay attack, cross-merchant IDOR, ghost transactions, and card identity bypass
https://m4kr0.vercel.app/posts/iso-8583-under-fire-finding-vulnerabilities-in-a-payment-socket
https://m4kr0.vercel.app/posts/iso-8583-under-fire-finding-vulnerabilities-in-a-payment-socket
M4KR0 Blog
ISO 8583 Under Fire: Finding Vulnerabilities in a Payment Socket - M4KR0 Blog
A hands-on walkthrough of security testing an ISO 8583 payment socket โ from reversing the app and enabling hidden debug mode, to finding four critical vulnerabilities in the processor layer
๐ฅ17โก9โค7
FirefUXSS 0-day: Universal XSS in Firefox Focus for iOS via Redirect-Scheme Validation Race Condition - not patched yet
https://github.com/v12-security/pocs/tree/main/firefox
https://github.com/v12-security/pocs/tree/main/firefox
GitHub
pocs/firefox at main ยท v12-security/pocs
poc it like it's hot. Contribute to v12-security/pocs development by creating an account on GitHub.
โค14๐6๐ฅ4
I tested Nearby Glasses app to detect "spy" smart glasses - I explained why it is not working reliably and how the app can be even spoofed with fake Bluetooth signals
https://www.mobile-hacker.com/2026/06/14/smart-glasses-can-record-you-and-detecting-them-isnt-so-simple/
https://www.mobile-hacker.com/2026/06/14/smart-glasses-can-record-you-and-detecting-them-isnt-so-simple/
Mobile Hacker
Smart Glasses Can Record You - And Detecting Them Isnโt So Simple - Mobile Hacker
Smart glasses with camera are becoming more common, fitting into everyday life. They look like normal sunglasses โ but they can record video, capture audio, and take photos at any moment.
โค20๐10
Local Privilege Escalation (LPE) vulnerability in MEmu Android Emulator 9.2.7.0 (CVE-2026-36213)
https://github.com/sec-zone/CVE-2026-36213
https://github.com/sec-zone/CVE-2026-36213
GitHub
GitHub - sec-zone/CVE-2026-36213: CVE-2026-36213 | Local Privilege Escalation in MEmu Android Emulator 9.2.7.0 via Insecure Serviceโฆ
CVE-2026-36213 | Local Privilege Escalation in MEmu Android Emulator 9.2.7.0 via Insecure Service Binary Permissions | Patched in 9.3.2 - sec-zone/CVE-2026-36213
๐16โค9
Rokarolla : Android Banker with Complete Device Takeover Capabilities
https://zimperium.com/blog/rokarolla-android-banker-with-complete-device-takeover-capabilities
https://zimperium.com/blog/rokarolla-android-banker-with-complete-device-takeover-capabilities
Zimperium
Rokarolla : Android Banker with Complete Device Takeover Capabilities
true
๐19๐ฅ10
[slides] OffensiveCon 2026: Tile-Based Deferred Rooting: When Your GPU Starts Rendering To Kernel Code Space! (CVE-2025-25180)
https://androidoffsec.withgoogle.com/slides/art_imagination_gpu_offensivecon_2026.pdf
https://androidoffsec.withgoogle.com/slides/art_imagination_gpu_offensivecon_2026.pdf
๐15๐ฅ7
Android reverse engineering entirely on-device. Radare2 binary analysis, 8 Java decompilers, Flutter & Unity il2cpp support
https://github.com/UltraSina/androidReverse
https://github.com/UltraSina/androidReverse
GitHub
GitHub - UltraSina/androidReverse: Android reverse engineering entirely on-device. Radare2 binary analysis, 8 Java decompilersโฆ
Android reverse engineering entirely on-device. Radare2 binary analysis, 8 Java decompilers, Flutter & Unity il2cpp support. - UltraSina/androidReverse
โก14๐8๐4๐ฅ4๐คฃ4๐ฉ2
Android Malware Disguised as Document Reader Reaches 100K Downloads on Google Play | Anatsa banker
https://x.com/Threatlabz/status/2069190345418854810
https://x.com/Threatlabz/status/2069190345418854810
X (formerly Twitter)
Zscaler ThreatLabz (@Threatlabz) on X
โ ๏ธ ThreatLabz discovered another fake document reader in the Google Play Store with more than 100K downloads, which delivers the Anatsa Android trojan.
Anatsa installer MD5 hash: f72b1a333fa28b133df6476561142d6a
Payload URL: http://66.206.6[.]6:8080/disclaimer.txtโฆ
Anatsa installer MD5 hash: f72b1a333fa28b133df6476561142d6a
Payload URL: http://66.206.6[.]6:8080/disclaimer.txtโฆ
โค15
This media is not supported in your browser
VIEW IN TELEGRAM
Android 17 root: full chain browser-to-kernel exploit with two 0-day vulnerabilities affecting Firefox before v151.0.2 (CVE-2026-10702)
Click on the link -> root Android
https://x.com/nebusecurity/status/2069707520160227688
Click on the link -> root Android
https://x.com/nebusecurity/status/2069707520160227688
๐ฅ49๐ฑ25โค8๐ค6๐4๐4๐2
Glitch SPY: New Android RAT Distributed Through a Fake Polish Rental App
https://cyble.com/blog/glitch-spy-rat-distributed-via-fake-polish-app/
https://cyble.com/blog/glitch-spy-rat-distributed-via-fake-polish-app/
Cyble
Glitch SPY RAT Distributed Via Fake Polish Rental App
CRIL analyzes Glitch SPY, an Android RAT with 70+ commands, crypto-clipping, and a silent remote browser, giving attackers full device control.
RedWing: A Mobile Malware-as-a-Service Operation
https://zimperium.com/blog/redwing-a-mobile-malware-as-a-service-operation
https://zimperium.com/blog/redwing-a-mobile-malware-as-a-service-operation
Zimperium
RedWing: A Mobile Malware-as-a-Service Operation
true
๐14๐8โก6โค3
GoldPickaxe Returns: When Your Biometric Information is as Important as Your Money
https://zimperium.com/blog/goldpickaxe-returns-when-your-biometric-information-is-as-important-as-your-money
https://zimperium.com/blog/goldpickaxe-returns-when-your-biometric-information-is-as-important-as-your-money
Zimperium
GoldPickaxe Returns: When Your Biometric Information is as Important as Your Money
true
๐11๐5
How to Bypass mTLS on Android with Frida
https://kiratliygt.medium.com/how-to-bypass-mtls-on-android-with-frida-45c5e71373e8
https://kiratliygt.medium.com/how-to-bypass-mtls-on-android-with-frida-45c5e71373e8
Medium
How to Bypass mTLS on Android with Frida
Keywords: mTLS bypass Android, Frida mTLS, Android mutual TLS bypass, Burp Suite mTLS Android, Android mTLS pentest, PKCS12 Androidโฆ
๐17โค7
RedHook Android malware abuses ADB Wireless Debugging and Shizuku to get shell-level privileges
https://www.group-ib.com/blog/redhook-android-rat-upgraded/
https://www.group-ib.com/blog/redhook-android-rat-upgraded/
Group-IB
RedHook Returns with a Dangerous Upgrade
Group-IB analysts examine this resurfaced Android Remote Access Trojan, demonstrating new, sophisticated and malicious functionalities including autonomous privilege abuse, expanded command-and-control capabilities, and a robust persistence stack.
๐9๐6๐คก6โค2๐ฅ2๐2
Forwarded from The Bug Bounty Hunter
Reading Contact Photos Without READ_CONTACTS: A Google Messages Confused Deputy Bug
https://blog.devploit.dev/posts/google-messages-avatarcontentprovider-contacts-bypass/
https://blog.devploit.dev/posts/google-messages-avatarcontentprovider-contacts-bypass/
devploit / blog
Reading Contact Photos Without READ_CONTACTS: A Google Messages Confused Deputy Bug
What happens if an app without READ_CONTACTS asks Google Messages for Android to load a Contacts photo for it?
โค9