Frida Android Helper: Several commands to facilitate common Android pentesting tasks
https://github.com/secuworm2/frida-android-helper2
GitHub
GitHub - secuworm2/frida-android-helper2: Frida Android utilities 2
Frida Android utilities 2. Contribute to secuworm2/frida-android-helper2 development by creating an account on GitHub.
BeatBanker: A dual-mode Android Trojan
https://securelist.com/beatbanker-miner-and-banker/119121/
PixRevolution: The Agent-Operated Android Trojan Hijacking Brazil's PIX Payments in Real Time
https://zimperium.com/blog/pixrevolution-the-agent-operated-android-trojan-hijacking-brazils-pix-payments-in-real-time
Zimperium
Using the GBL exploit to bootloader unlock the Xiaomi 17 series
https://www.androidauthority.com/qualcomm-snapdragon-8-elite-gbl-exploit-bootloader-unlock-3648651/
Android Authority
New Qualcomm exploit chain brings bootloader unlocking freedom to Android flagships (Updated: Statement)
A new exploit, dubbed "Qualcomm GBL exploit," is being chained with other exploits to bring bootloader unlocking to several flagship phones.
PulseAPK: Cross-Platform GUI for APK Decompilation, Analysis, and Recompilation
https://github.com/deemoun/PulseAPK-Core
GitHub
GitHub - deemoun/PulseAPK-Core: PulseAPK Core: Cross-Platform tool for working with APK files: Decompilation, Analysis, Building
PulseAPK Core: Cross-Platform tool for working with APK files: Decompilation, Analysis, Building - deemoun/PulseAPK-Core
Analysis of RCE on the Xiaomi C400 camera, achieved by chaining Vulnerability #1 and Vulnerability #3. The vulnerabilities are not patched!
Vulnerability #1: Xiaomi - miIO Protocol Authentication Bypass
Vulnerability #2: Xiaomi - miIO client cryptographically weak PRNG
Vulnerability #3: miIO client heap buffer overflow
Analysis: https://labs.taszk.io/articles/post/nowyouseemi/
Exploits and jailbreak for Xiaomi Smart Cameras: https://github.com/TaszkSecLabs/xiaomi-c400-pwn
Taking Apart iOS Apps: Anti-Debugging and Anti-Tampering in the Wild
https://blog.calif.io/p/taking-apart-ios-apps-anti-debugging
blog.calif.io
Weaponizing LSPosed: Remote SMS Injection and Identity Spoofing in Modern Payment Ecosystems
https://www.cloudsek.com/blog/weaponizing-lsposed-remote-sms-injection-and-identity-spoofing-in-modern-payment-ecosystems-2
Cloudsek
Weaponizing LSPosed: Remote SMS Injection and Identity Spoofing in Modern Payment Ecosystems | CloudSEK
LSPosed, a powerful framework for rooted Android devices, has been weaponized by attackers to remotely inject fraudulent SMS messages and spoof user identities in modern payment ecosystems. This report exposes a critical vulnerability: the exploitation of…
Oblivion RAT - An Android Spyware Platform With a Built-In APK Factory
https://iverify.io/blog/oblivion-rat-android-spyware-analysis
iverify.io
Technical analysis of Oblivion RAT Android malware: $300/month MaaS platform with APK builder, AccessibilityService hijacking, and fake ZIP encryption.
The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors
https://cloud.google.com/blog/topics/threat-intelligence/darksword-ios-exploit-chain/
Google Cloud Blog
The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors | Google Cloud Blog
DarkSword is a new iOS exploit chain that leverages multiple zero-day vulnerabilities to fully compromise iOS devices.
Perseus: DTO malware that takes notes
https://www.threatfabric.com/blogs/perseus-dto-malware-that-takes-notes
ThreatFabric
Perseus is a new Device Takeover (DTO) malware family that specifically looks for user-generated content stored in note taking applications.
Decompiling an Android Application Written in .NET MAUI 9 (Xamarin)
https://mwalkowski.com/post/decompiling-an-android-application-written-in-net-maui-9-xamarin/
Michał Walkowski
Decompiling an Android Application Written in .NET MAUI 9 (Xamarin) | Michał Walkowski
.NET MAUI, as the successor to Xamarin, enables the development of cross-platform applications, including Android, using C#. In previous versions (up to .NET MAUI 8), applications stored their DLL libraries in assemblies.blob and assemblies.manifest files…
SSL pinning bypass setup for iOS (No Jailbreak) using OpenVPN + iptables traffic redirection to proxy (Burp Suite / mitmproxy)
https://github.com/SahilH4ck4you/iOS-SSL-pinning-bypass-without-jalibreak
GitHub
GitHub - SahilH4ck4you/iOS-SSL-pinning-bypass-without-jalibreak: SSL pinning bypass setup for iOS (No Jailbreak) using OpenVPN…
SSL pinning bypass setup for iOS (No Jailbreak) using OpenVPN + iptables traffic redirection to proxy (Burp Suite / mitmproxy) - SahilH4ck4you/iOS-SSL-pinning-bypass-without-jalibreak
Microsoft Authenticator's Unclaimed Deep Link: A Full Account Takeover Story (CVE-2026-26123)
https://khaledsec.medium.com/microsoft-authenticators-unclaimed-deep-link-a-full-account-takeover-story-cve-2026-26123-e0409a920a02?sk=df506976e7c2d15fd29e70725873f6e2
Medium
When your authentication app becomes the weakest link: How an unclaimed deep link exposed millions of Microsoft accounts
Coruna: the framework used in Operation Triangulation
https://securelist.com/coruna-framework-updated-operation-triangulation-exploit/119228/
Analysis of Android FvncBot banker campaign targeting Polish users
https://cert.pl/en/posts/2026/03/fvncbot-analysis/
cert.pl
Analysis of FvncBot campaign
CERT Polska has analyzed an SGB-branded Android malware sample from the FvncBot campaign targeting Poland. The app installs a second-stage implant, coerces the victim into enabling accessibility, and registers the device to a backend that issues per-device…
Operation NoVoice: Rootkit Tells No Tales (link to Android Triada family)
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-research-operation-novoice-rootkit-malware-android/
McAfee Blog
Operation NoVoice: Rootkit Tells No Tales | McAfee Blog
Authored By: Ahmad Zubair Zahid McAfee's mobile research team identified and investigated an Android rootkit campaign tracked as Operation Novoice. The
Analysis of cifrat: could this be an evolution of a mobile RAT?
https://cert.pl/en/posts/2026/04/cifrat-analysis/
cert.pl
CERT Polska analyzed a Booking themed Android malware chain delivered through phishing and a fake update website. The sample is a multistage dropper that installs a hidden accessibility controlled RAT with WebSocket C2.
PoC of DarkSword iOS exploit tested on iOS 17.1.1 - 26.0.1
https://github.com/rooootdev/lara
GitHub
GitHub - rooootdev/lara: iOS Toolbox using the DarkSword kexploit. iOS 17.0 - iOS 18.7.1 & iOS 26.0.x, excluding M5 and A19.
iOS Toolbox using the DarkSword kexploit. iOS 17.0 - iOS 18.7.1 & iOS 26.0.x, excluding M5 and A19. - rooootdev/lara
Canis C2 Exposed: Previously Undocumented Cross-Platform Surveillance Framework Targeting Japan pivoting from Android sample
https://hunt.io/blog/canis-c2-exposed-cross-platform-surveillance-framework-japan
hunt.io
Canis C2 Exposed: Previously Undocumented Cross-Platform Surveillance Framework Targeting Japan
An exposed API on a Japanese phishing server revealed Canis C2, a previously undocumented surveillance framework targeting Android, iOS, Windows, Linux, and macOS.
Hack-For-Hire Operation Linked to BITTER APT (Android ProSpy spyware)
https://www.lookout.com/threat-intelligence/article/bitter-hack-for-hire
Lookout
Beyond BITTER: MENA Civil Society Targeted in Hack-For-Hire Operation Linke | Threat Intel