CVE-2024-53104 proof of concept: Privilege escalation security flaw in the Android Kernel's USB Video Class driver that allows authenticated local threat actors to elevate privileges in low-complexity attacks
https://github.com/zhuowei/facedancer/blob/rawgadget2/examples/camera.py#L15
GitHub
facedancer/examples/camera.py at rawgadget2 · zhuowei/facedancer
Fork of https://github.com/xairy/Facedancer/tree/rawgadget with patches for testing CVE-2024-53197 - zhuowei/facedancer
Rooting an Android Emulator for Mobile Security Testing
https://8ksec.io/rooting-an-android-emulator-for-mobile-security-testing/
8kSec - 8kSec is a cybersecurity research & training company. We provide high-quality training & consulting services.
Rooting an Android Emulator for Mobile Security Testing - 8kSec
Introduction Rooting an Android emulator is essential for mobile app security research because it allows researchers to use powerful instrumentation and debugging tools that require root privileges. By obtaining full root (superuser) access on an AVD, you…
Triada strikes back
https://securelist.com/triada-trojan-modules-analysis/116380/
Securelist
A new version of Triada spreads embedded in the firmware of Android devices
Kaspersky expert has discovered a new version of the Triada Trojan, with custom modules for Telegram, WhatsApp, TikTok, and other apps.
AirBorne: Wormable Zero-Click Remote Code Execution (RCE) in AirPlay Protocol Puts Apple & IoT Devices at Risk
https://www.oligo.security/blog/airborne
www.oligo.security
Airborne: Wormable Zero-Click RCE in Apple AirPlay Puts Billions of Devices at Risk | Oligo Security | Oligo Security
Oligo Security reveals AirBorne, a new set of vulnerabilities in Apple's AirPlay protocol and SDK. Learn how zero-click RCEs, ACL bypasses, and wormable exploits could endanger Apple and IoT devices worldwide - and how to protect yourself.
EvilNotify: Single line of code could soft-brick iPhones by sending malicious notifications (CVE-2025-24091)
https://rambo.codes/posts/2025-04-24-how-a-single-line-of-code-could-brick-your-iphone
Rambo Codes
How a Single Line Of Code Could Brick Your iPhone | Rambo Codes
Gui Rambo writes about his coding and reverse engineering adventures.
TM SGNL, the obscure unofficial Signal app Mike Waltz uses to text with Trump officials
Analysis: https://micahflee.com/tm-sgnl-the-obscure-unofficial-signal-app-mike-waltz-uses-to-text-with-trump-officials/
Source code: https://micahflee.com/heres-the-source-code-for-the-unofficial-signal-app-used-by-trump-officials/
micahflee
TM SGNL, the obscure unofficial Signal app Mike Waltz uses to text with Trump officials
Update May 3, 2025: I have posted a follow-up, Here's the source code for the unofficial Signal app used by Trump officials.
Update May 4, 2025: Another followup, and a big one: The Signal Clone the Trump Admin Uses Was Hacked
Update May 6, 2025: I've…
Ollama LLM with jadx for APK analysis
https://github.com/zinja-coder/zin-mcp-client
GitHub
GitHub - zinja-coder/zin-mcp-client: MCP Client which serves as bridge between mcp servers and local LLMs running on Ollama, Created…
MCP Client which serves as bridge between mcp servers and local LLMs running on Ollama, Created for MCP Servers Developed by Me, However other MCP Servers may run as well - zinja-coder/zin-mcp-client
Advanced Anti-Forensic Protection of Mobile Applications
https://www.researchgate.net/publication/375258345_Advanced_Anti-Forensic_Protection_of_Mobile_Applications
ResearchGate
(PDF) Advanced Anti-Forensic Protection of Mobile Applications
PDF | Abstract - A mobile device is usually the carrier of its owner's sensitive data, but it also contains a lot of system data that reveals the... | Find, read and cite all the research you need on ResearchGate
The Human Interface Device (HID) Attack on Android Lock Screen Non-Biometric Protections and Its Computational Complexity
https://www.researchgate.net/publication/361992079_The_Human_Interface_Device_HID_Attack_on_Android_Lock_Screen_Non-Biometric_Protections_and_Its_Computational_Complexity
ResearchGate
(PDF) The Human Interface Device (HID) Attack on Android Lock Screen Non-Biometric Protections and Its Computational Complexity
PDF | Nowadays, information obtained from mobile phones is often the subject of evidence in front of a court. Forensic... | Find, read and cite all the research you need on ResearchGate
The Human Interface Device Attack from the Perspective of the Attacker and the Forensic Analyst
https://www.researchgate.net/publication/365110681_The_Human_Interface_Device_Attack_from_the_Perspective_of_the_Attacker_and_the_Forensic_Analyst
ResearchGate
(PDF) The Human Interface Device Attack from the Perspective of the Attacker and the Forensic Analyst
PDF | Abstract - The main prerequisite to extract data from a smartphone or exploit the device is to bypass its lock screen protection. The Human Interface... | Find, read and cite all the research you need on ResearchGate
KALEIDOSCOPE: Evolution of Ad Fraud Exploiting App Stores as a Front
https://go.integralads.com/rs/469-VBI-606/images/AMER_Threat_Lab_Kaleidoscope_Report_IAS.pdf
HacknDroid: Automation of some MAPT activities and interaction with the mobile Android device
Prerequisites:
adb enabled
device authorized
https://github.com/RaffaDNDM/HacknDroid
WireWatch, a large-scale measurement pipeline to evaluate the network security of Android apps. WireWatch measures apps' usage of plaintext network traffic and non-standard, proprietary network cryptography.
https://www.computer.org/csdl/proceedings-article/sp/2025/223600d916/26hiVQjbZqE
PAPIMonitor: Python tool based on Frida for monitoring user-selected APIs during app execution
https://github.com/Dado1513/PAPIMonitor
GitHub
GitHub - 0xdad0/PAPIMonitor: Python API Monitor for Android apps
Python API Monitor for Android apps. Contribute to 0xdad0/PAPIMonitor development by creating an account on GitHub.
Advanced Protection: Google's Strongest Security for Mobile Devices
https://security.googleblog.com/2025/05/advanced-protection-mobile-devices.html
Google Online Security Blog
Advanced Protection: Google's Strongest Security for Mobile Devices
Posted by Il-Sung Lee, Group Product Manager, Android Security Protecting users who need heightened security has been a long-standing com...
Hacking My Car, and probably yours - Security Flaws in Volkswagen's App
https://loopsec.medium.com/hacking-my-car-and-probably-yours-security-flaws-in-volkswagens-app-24b34c47ba89
Medium
Hacking My Car, and probably yours - Security Flaws in Volkswagen's App
This flaw made me the owner of thousands of cars (sort of).
I was playing around with the new and smaller HackRF PortaPack H4M
In a summary blog, you can find what's new with H4M, how to flash it, copy necessary data, and a couple of use-cases.
https://www.mobile-hacker.com/2025/05/19/hackrf-portapack-h4m-with-mayhem-firmware-a-powerful-handheld-sdr-toolkit/
Mobile Hacker
HackRF PortaPack H4M with Mayhem Firmware - A Powerful Handheld SDR Toolkit
In the Q4 of 2024, a new SDR (Software Defined Radio) was released: the HackRF PortaPack H4M, shipping with the Mayhem firmware. Whether you're a hobbyist, hacker, ham radio enthusiast, or security researcher, this compact device brings a full-featured radio…
Coding Without a Laptop - Two Weeks with AR Glasses and Linux on Android
https://holdtherobot.com/blog/2025/05/11/linux-on-android-with-ar-glasses/
Holdtherobot
Coding Without a Laptop - Two Weeks with AR Glasses and Linux on Android | Hold The Robot
I recently learned something that blew my mind;
O2 VoLTE: locating any customer with a phone call
https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/
mastdatabase.co.uk
O2 VoLTE: locating any customer with a phone call
Privacy is dead: For multiple months, any O2 customer has had their location exposed to call initiators without their knowledge.
The State of iOS Jailbreaking in 2025
[slides] https://github.com/alfiecg24/Presentations/blob/main/The%20State%20of%20iOS%20Jailbreaking%20in%202025.pdf
GitHub
Presentations/The State of iOS Jailbreaking in 2025.pdf at main · alfiecg24/Presentations
Contribute to alfiecg24/Presentations development by creating an account on GitHub.
This Video Can Exploit Your iPhone (CVE-2025-31200)
https://youtu.be/nTO3TRBW00E
YouTube
This Video Can Exploit Your iPhone (CVE-2025-31200 #1)
Are you a security researcher or reverse engineer?
For 50% off IDA Products use promo code BILLY50, https://hex-rays.com/pricing *
For 30% off IDA Training use promo code BILLY30, https://hex-rays.com/training **
*License discounts are only valid for individuals…