How to build portable Kali box with Raspberry Pi and Touchscreen
✅installation process
✅install drivers and switch output to touchscreen
✅allow auto-login
✅enable SSH as root
✅setup virtual keyboard
https://www.mobile-hacker.com/2025/02/26/building-a-portable-kali-box-with-raspberry-pi-and-touchscreen/
✅installation process
✅install drivers and switch output to touchscreen
✅allow auto-login
✅enable SSH as root
✅setup virtual keyboard
https://www.mobile-hacker.com/2025/02/26/building-a-portable-kali-box-with-raspberry-pi-and-touchscreen/
Mobile Hacker
Building a Portable Kali Box with Raspberry Pi and Touchscreen - Mobile Hacker
In this guide, I will walk you through the process of setting up a Raspberry Pi with a 3.5-inch touchscreen running Kali Linux. This compact yet powerful setup is perfect for on-the-go penetration testing and cybersecurity research. I’ll cover everything…
👍23🌚3👎1
Exploiting the iOS Kernel by Spraying IOSurfaces (part 2)
https://youtu.be/Y-UI4dEFXFk
https://youtu.be/Y-UI4dEFXFk
YouTube
But How Does a Kernel Exploit Actually Work?
Are you a security researcher or reverse engineer?
For 50% off IDA Products use promo code BILLY50, https://hex-rays.com/pricing *
For 30% off IDA Training use promo code BILLY30, https://hex-rays.com/training **
*License discounts are only valid for individuals…
For 50% off IDA Products use promo code BILLY50, https://hex-rays.com/pricing *
For 30% off IDA Training use promo code BILLY30, https://hex-rays.com/training **
*License discounts are only valid for individuals…
🌚10🔥4
nRootTag: 1.5 Billion iPhones Used for Malicious Tracking
nRootTag vulnerability allows remote tracking through Apple's Find My network using Bluetooth technology
https://securityonline.info/nroottag-1-5-billion-iphones-used-for-malicious-tracking/
nRootTag vulnerability allows remote tracking through Apple's Find My network using Bluetooth technology
https://securityonline.info/nroottag-1-5-billion-iphones-used-for-malicious-tracking/
Daily CyberSecurity
nRootTag: 1.5 Billion iPhones Used for Malicious Tracking
Learn how the nRootTag vulnerability allows remote tracking through Apple's Find My network using Bluetooth technology.
🌚9
Long Live The Vo1d Botnet: New Variant Hits 1.6 Million TV Globally
https://blog.xlab.qianxin.com/long-live-the-vo1d_botnet/
https://blog.xlab.qianxin.com/long-live-the-vo1d_botnet/
❤11👍4🔥2🌚1
Cellebrite zero-day exploit used to target phone of Serbian student activist to install Android spyware
https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/
https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/
Amnesty International Security Lab
Cellebrite zero-day exploit used to target phone of Serbian student activist - Amnesty International Security Lab
Amnesty International’s Security Lab uncovers sophisticated Cellebrite zero-day exploit, impacting billions of Android devices.
🔥18👍3😁1💩1
Trigon: developing a deterministic kernel exploit for iOS
https://alfiecg.uk/2025/03/01/Trigon.html
https://alfiecg.uk/2025/03/01/Trigon.html
Alfie CG
Trigon: developing a deterministic kernel exploit for iOS (part 1)
Background Vulnerability Experimentation Arbitrary physical mapping Dynamically finding our mapping base Finding the kernel base A10(X) A11 Non-KTRR devices Virtual kernel read/write Page table panic Brandon Azad’s method PV head table (again) IOSurface kernel…
🔥11🌚2👍1👏1
Mobile malware evolution in 2024
https://securelist.com/mobile-threat-report-2024/115494/
https://securelist.com/mobile-threat-report-2024/115494/
Securelist
The mobile threat landscape in 2024
❤10👍2👎1🥱1🌚1
EvilLoader: Yesterday was published PoC for unpatched vulnerability affecting Telegram for Android.
The exploit has been sold on underground forum since January 2025.✅Don't install external players if requested by received corrupted video file on Telegram.
https://www.mobile-hacker.com/2025/03/05/evilloader-unpatched-telegram-for-android-vulnerability-disclosed/
The exploit has been sold on underground forum since January 2025.✅Don't install external players if requested by received corrupted video file on Telegram.
https://www.mobile-hacker.com/2025/03/05/evilloader-unpatched-telegram-for-android-vulnerability-disclosed/
Mobile Hacker
EvilLoader: Unpatched Telegram for Android Vulnerability Disclosed - Mobile Hacker
A newly disclosed in Telegram for Android, dubbed EvilLoader, allows attackers to disguise malicious APKs as video files, potentially leading to unauthorized malware installations on users' devices.
👍19❤4🔥3🌚2👎1
BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes
https://www.humansecurity.com/learn/blog/satori-threat-intelligence-disruption-badbox-2-0/
https://www.humansecurity.com/learn/blog/satori-threat-intelligence-disruption-badbox-2-0/
Humansecurity
Satori Threat Intelligence Disruption: BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes - HUMAN Security
HUMAN's Satori Threat Intelligence and Research Team uncovered BADBOX 2.0, a major expansion and adaptation of the earlier BADBOX operation.
👍13🔥5👏3❤1
[analysis] PlayPraetor trojan spreads through fake Play Store pages to steal user data
https://cdn.prod.website-files.com/66fbdb04ee8bb0436308fc15/67c83686e642fa846565699c_CTM360%20Report_%20PlayPraetor%20Trojan%20-%20Clear%20TLP.pdf
https://cdn.prod.website-files.com/66fbdb04ee8bb0436308fc15/67c83686e642fa846565699c_CTM360%20Report_%20PlayPraetor%20Trojan%20-%20Clear%20TLP.pdf
🌚10👍1
KoSpy: New Android Spyware was discovered on Google Play Store, operated by North Korea TA and attributed to APT37.
KoSpy app is still available on alternative app stores.
https://www.lookout.com/threat-intelligence/article/lookout-discovers-new-spyware-by-north-korean-apt37
KoSpy app is still available on alternative app stores.
https://www.lookout.com/threat-intelligence/article/lookout-discovers-new-spyware-by-north-korean-apt37
🌚7👍3❤2
Android Banking Trojan – OctoV2, masquerading as Deepseek AI
https://labs.k7computing.com/index.php/android-banking-trojan-octov2-masquerading-as-deepseek-ai/
https://labs.k7computing.com/index.php/android-banking-trojan-octov2-masquerading-as-deepseek-ai/
K7 Labs
Android Banking Trojan – OctoV2, masquerading as Deepseek AI
The world is moving from human reality to artificial reality aka advanced artificial intelligence (AI). In January 2025, Deepseek, an […]
🌚11❤1👍1🥱1😴1
It works! The first real smartwatch with Wi-Fi injection, capturing a WPA2 handshake! Using Kali NetHunter running Hijacker app on TicWatch Pro 3 smartwatch. All of that is possible thanks to @yesimxev, one of NetHunter developers! Video credits to @yesimxev (X)
https://www.instagram.com/reel/DHK8eahN2IZ/
https://www.instagram.com/reel/DHK8eahN2IZ/
🔥17👍3🌚3❤1👏1
🚨 Android Threat Hunters, Your Job Just Got Easier!
ANY.RUN has just released a brand-new OS designed for real-time Android threat analysis inside a secure sandbox environment.
Now, businesses and security teams can:
✅ Detect Android threats faster
🔍 Investigate APK behavior in real time
⚡ Speed up incident response
💰 Reduce cybersecurity costs
Best part? It’s available for all plans—even FREE users!
👉 Try now: https://goo.su/GH7WO
ANY.RUN has just released a brand-new OS designed for real-time Android threat analysis inside a secure sandbox environment.
Now, businesses and security teams can:
✅ Detect Android threats faster
🔍 Investigate APK behavior in real time
⚡ Speed up incident response
💰 Reduce cybersecurity costs
Best part? It’s available for all plans—even FREE users!
👉 Try now: https://goo.su/GH7WO
👍16❤3
Vapor malware: Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Blog: https://www.bitdefender.com/en-us/blog/labs/malicious-google-play-apps-bypassed-android-security
PDF report: https://go.integralads.com/rs/469-VBI-606/images/AMER_VAPOR_THREAT_REPORT_IAS.pdf
Blog: https://www.bitdefender.com/en-us/blog/labs/malicious-google-play-apps-bypassed-android-security
PDF report: https://go.integralads.com/rs/469-VBI-606/images/AMER_VAPOR_THREAT_REPORT_IAS.pdf
Bitdefender
Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Bitdefender's security researchers have found a huge ad fraud campaign with hundreds of malicious apps in the Google Play Store
👍10🌚2
Analysis of Paragon’s Graphite Spyware Operations misusing WhatsApp Zero-Click exploit
https://citizenlab.ca/2025/03/a-first-look-at-paragons-proliferating-spyware-operations/
https://citizenlab.ca/2025/03/a-first-look-at-paragons-proliferating-spyware-operations/
🔥18👏3❤1👍1
Looks like there is a demand for Telegram RCE exploit
https://techcrunch.com/2025/03/21/russian-zero-day-seller-is-offering-up-to-4-million-for-telegram-exploits/
https://techcrunch.com/2025/03/21/russian-zero-day-seller-is-offering-up-to-4-million-for-telegram-exploits/
🔥24😁6👍2❤1👏1🤮1💩1🤡1
Safari 1day RCE Exploit
Confirmed exploit works on macOS 13.3.1, iOS 15.8.2.
https://github.com/wh1te4ever/WebKit-Bug-256172/tree/ios-arm64
Confirmed exploit works on macOS 13.3.1, iOS 15.8.2.
https://github.com/wh1te4ever/WebKit-Bug-256172/tree/ios-arm64
GitHub
GitHub - wh1te4ever/WebKit-Bug-256172 at ios-arm64
Safari 1day RCE Exploit. Contribute to wh1te4ever/WebKit-Bug-256172 development by creating an account on GitHub.
❤🔥14💩4👎3🤡2👍1🌚1
New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI (new Xamarin)
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-malware-campaigns-evading-detection-using-cross-platform-framework-net-maui/
McAfee Blog
New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI | McAfee Blog
Authored by Dexter Shin Summary Cybercriminals are constantly evolving their techniques to bypass security measures. Recently, the McAfee Mobile
🌚6❤2👍1
A Blueprint of Android Activity Lifecycle
https://8ksec.io/a-blueprint-of-android-activity-lifecycle/
https://8ksec.io/a-blueprint-of-android-activity-lifecycle/
8kSec
Android Activity Lifecycle Blueprint | 8kSec
Deep dive into the Android Activity lifecycle through AOSP internals and Android 15 source code. Understand each state transition beyond basic callbacks.
👍9🤡4👎1🤣1
APT36 Mimics India Post Website to Spread Malware to Windows and Android Users
https://www.cyfirma.com/research/turning-aid-into-attack-exploitation-of-pakistans-youth-laptop-scheme-to-target-india/
https://www.cyfirma.com/research/turning-aid-into-attack-exploitation-of-pakistans-youth-laptop-scheme-to-target-india/
CYFIRMA
TURNING AID INTO ATTACK: EXPLOITATION OF PAKISTAN'S YOUTH LAPTOP SCHEME TO TARGET INDIA - CYFIRMA
EXECUTIVE SUMMARY In this report, CYFIRMA examines the tactics employed by a Pakistan-based APT group, assessed with medium confidence as...
👍7