How 1-click iOS exploit chains work (WebKit exploitation basics)
https://youtu.be/o6mVgygo-hk
https://youtu.be/o6mVgygo-hk
YouTube
How 1-Click Can Hack Your iPhone
Are you a security researcher or reverse engineer?
For 50% off IDA Products use promo code BILLY50, https://hex-rays.com/pricing *
For 30% off IDA Training use promo code BILLY30, https://hex-rays.com/training **
*License discounts are only valid for individuals…
For 50% off IDA Products use promo code BILLY50, https://hex-rays.com/pricing *
For 30% off IDA Training use promo code BILLY30, https://hex-rays.com/training **
*License discounts are only valid for individuals…
👍14❤11🌚2
Vulnerability in Google Messages for Wear OS resulted in invoking intents to send messages without permission (CVE-2025-12080) and awarded $2,250.00 by Google
Blog: https://towerofhanoi.it/writeups/cve-2025-12080/
PoC: https://github.com/io-no/CVE-Reports/tree/main/CVE-2025-12080
Blog: https://towerofhanoi.it/writeups/cve-2025-12080/
PoC: https://github.com/io-no/CVE-Reports/tree/main/CVE-2025-12080
❤19👍5🔥3
New Android Malware Herodotus Mimics Human Behaviour to Evade Detection
https://www.threatfabric.com/blogs/new-android-malware-herodotus-mimics-human-behaviour-to-evade-detection
https://www.threatfabric.com/blogs/new-android-malware-herodotus-mimics-human-behaviour-to-evade-detection
ThreatFabric
New Android Malware Herodotus Mimics Human Behaviour to Evade Detection
ThreatFabric has uncovered Herodotus, a new mobile malware family that aims to disrupt how fraud is done and tries to act human.
👍6❤3
GhostGrab is a new Android malware blending crypto mining with banking credential theft.
It hijacks SMS OTPs, harvests PII, and runs a hidden Monero miner—draining battery while stealing funds.
It compromised over 30 devices and C&C server leaks over 2800 victim SMS
https://www.cyfirma.com/research/ghostgrab-android-malware/
It hijacks SMS OTPs, harvests PII, and runs a hidden Monero miner—draining battery while stealing funds.
It compromised over 30 devices and C&C server leaks over 2800 victim SMS
https://www.cyfirma.com/research/ghostgrab-android-malware/
😱15❤6👍4🌚4🎃1
[beginners] Deep dive into Android Pentesting
Covered everything from static & dynamic analysis, Frida, Drozer, SSL pinning bypass, deep links, broadcast receivers, and more
If you're into mobile security, this one's packed with real-world scenarios & tools
https://coal-memory-97b.notion.site/Android-Pentest-1f6923af30cc80bdafa4f3c581f4c5f8
Covered everything from static & dynamic analysis, Frida, Drozer, SSL pinning bypass, deep links, broadcast receivers, and more
If you're into mobile security, this one's packed with real-world scenarios & tools
https://coal-memory-97b.notion.site/Android-Pentest-1f6923af30cc80bdafa4f3c581f4c5f8
❤26👍3🤣1
The Rise of NFC Relay Malware on Mobile Devices
Cybercriminals are spreading NFC relay malware that tricks you into placing your card against your phone’s NFC chip. Once you do, the malware silently captures and relays your card data to fraudsters, who can use it for unauthorized payments or ATM withdrawals.
Reports show these scams are growing fast across the globe, with hundreds of malicious apps already detected.
https://zimperium.com/blog/tap-and-steal-the-rise-of-nfc-relay-malware-on-mobile-devices
Cybercriminals are spreading NFC relay malware that tricks you into placing your card against your phone’s NFC chip. Once you do, the malware silently captures and relays your card data to fraudsters, who can use it for unauthorized payments or ATM withdrawals.
Reports show these scams are growing fast across the globe, with hundreds of malicious apps already detected.
https://zimperium.com/blog/tap-and-steal-the-rise-of-nfc-relay-malware-on-mobile-devices
❤14👍3
Spyrtacus: Italian Surveillanceware Targets Android via Telecom
https://www.secureblink.com/threat-research/spyrtacus-italian-surveillanceware-targets-android-via-telecom-phishing
https://www.secureblink.com/threat-research/spyrtacus-italian-surveillanceware-targets-android-via-telecom-phishing
Secureblink
Spyrtacus: Italian Surveillanceware Targets Android via Telecom Phishing | Secure Blink
SIO's Spyrtacus surveillanceware compromises Android devices via fake apps and cloned Italian telecom sites, stealing communications and media since 2018.
👍11❤1
Analysis of Android/BankBot-YNRK Mobile Banking Trojan
https://www.cyfirma.com/research/investigation-report-android-bankbot-ynrk-mobile-banking-trojan/
https://www.cyfirma.com/research/investigation-report-android-bankbot-ynrk-mobile-banking-trojan/
CYFIRMA
Investigation Report: Android/BankBot-YNRK Mobile Banking Trojan - CYFIRMA
Investigation Report: Android/BankBot-YNRK Mobile Banking Trojan Executive Summary This report covers the analysis and findings related to three Android application...
🎃5👍4
Analysis of Android DeliveryRAT
https://www.f6.ru/blog/android-deliveryrat-research/
https://www.f6.ru/blog/android-deliveryrat-research/
F6
Детали доставки: исследование новой версии Android-трояна DeliveryRAT - F6
Специалисты F6 Threat Intelligence исследовали обновленную версию ВПО DeliveryRAT, распространяемого злоумышленниками во второй половине 2025 года.
👍5❤3💩3🤮1🤡1😨1
Exploiting CVE-2025-21479 on a Samsung S23
https://xploitbengineer.github.io/CVE-2025-21479
https://xploitbengineer.github.io/CVE-2025-21479
XploitBengineer
Exploiting CVE-2025-21479 on a Samsung S23
Motivation A couple of years ago, I picked up a few of Samsung S23’s at Pwn2Own.
🌚3❤1👎1
Frida JDWP Loader
This tool dynamically attaches Frida to any debuggable Android process over JDWP, enabling runtime instrumentation without root access.
Perfect for dynamic app analysis, quick pentesting, bug bounty
https://github.com/frankheat/frida-jdwp-loader Video demo: https://x.com/androidmalware2/status/1986022672472359017
This tool dynamically attaches Frida to any debuggable Android process over JDWP, enabling runtime instrumentation without root access.
Perfect for dynamic app analysis, quick pentesting, bug bounty
https://github.com/frankheat/frida-jdwp-loader Video demo: https://x.com/androidmalware2/status/1986022672472359017
❤10👍4🔥2
Analysis of recent Android NGate malware campaign (NFC relay) in Poland
https://cert.pl/en/posts/2025/11/analiza-ngate/
Demo: https://x.com/androidmalware2/status/1986406590866727047
https://cert.pl/en/posts/2025/11/analiza-ngate/
Demo: https://x.com/androidmalware2/status/1986406590866727047
cert.pl
Analysis of NGate malware campaign (NFC relay)
CERT Polska has observed new samples of mobile malware in recent months associated with an NFC Relay (NGate) attack targeting users of Polish banks.
👍8❤6🌚2
Android Stalkerware Detection Test
https://www.eff.org/deeplinks/2025/11/eff-teams-av-comparatives-test-android-stalkerware-detection-major-antivirus-apps
https://www.eff.org/deeplinks/2025/11/eff-teams-av-comparatives-test-android-stalkerware-detection-major-antivirus-apps
👍7
Fantasy Hub: Analysis of Russian Based Android RAT as M-a-a-S
https://zimperium.com/blog/fantasy-hub-another-russian-based-rat-as-m-a-a-s
https://zimperium.com/blog/fantasy-hub-another-russian-based-rat-as-m-a-a-s
Zimperium
Fantasy Hub: Another Russian Based RAT as M-a-a-S
true
👍8
LANDFALL: New Android commercial-grade spyware targeted Samsung Galaxy devices via a WhatsApp zero-click exploit in image parsing (CVE-2025-21042)
https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/
https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/
🔥18👍3👏3
Runtime Android Object Instrumentation
https://knifecoat.com/Posts/Runtime+Android+Object+Instrumentation
https://knifecoat.com/Posts/Runtime+Android+Object+Instrumentation
KnifeCoat
Runtime Android Object Instrumentation - KnifeCoat
Intro This year I have been doing quite a bit Android userland analysis. Android is a wonderful platform to work on, great decompiler support (JEB), easy access to rooted devices (unless you buy NA l…
👍6
The North Korean state-sponsored KONNI APT group is now using remote wipe tactics to erase Android devices through compromised victim computer
https://www.genians.co.kr/en/blog/threat_intelligence/android
https://www.genians.co.kr/en/blog/threat_intelligence/android
www.genians.co.kr
State-Sponsored Remote Wipe Tactics Targeting Android Devices
The Konni APT campaign has caused damage by remotely resetting Google Android-based devices, resulting in the unauthorized deletion of personal data.
👍7❤3🌚3
North Korean APT actors exploited ZipperDown vulnerability in Android apps via malicious emails.
One click → overwrite app library → full control.
https://ti.qianxin.com/blog/articles/operation-south-star-en/
One click → overwrite app library → full control.
https://ti.qianxin.com/blog/articles/operation-south-star-en/
Qianxin
奇安信威胁情报中心
Nuxt.js project
👍5
First-ever interview with one of Kali NetHunter developers @yesimxev is live!
We "sat down" and talked about:
His hacking journey.
What are the best smartphone for running NetHunter.
Two newly supported devices revealed.
A sneak peek into his brand-new podcast and more.
https://www.mobile-hacker.com/2025/11/11/inside-the-mind-of-a-kali-nethunter-developer-a-deep-dive-with-yesimxev/
We "sat down" and talked about:
His hacking journey.
What are the best smartphone for running NetHunter.
Two newly supported devices revealed.
A sneak peek into his brand-new podcast and more.
https://www.mobile-hacker.com/2025/11/11/inside-the-mind-of-a-kali-nethunter-developer-a-deep-dive-with-yesimxev/
👍5❤3
Flutter SSL Bypass: How to Intercept HTTPS Traffic When all other Frida Scripts Fail
https://m4kr0x.medium.com/flutter-tls-bypass-how-to-intercept-https-traffic-when-all-other-frida-scripts-fail-bd3d04489088
https://m4kr0x.medium.com/flutter-tls-bypass-how-to-intercept-https-traffic-when-all-other-frida-scripts-fail-bd3d04489088
Medium
Flutter SSL Bypass: How to Intercept HTTPS Traffic When all other Frida Scripts Fail
In this article, I’ll walk you through my journey in intercepting HTTPS traffic from a APK based on Flutter during a pentesting engagement…
👍8🎃4🔥3❤1