EvilNotify: Single line of code could soft-brick iPhones by sending malicious notifications (CVE-2025-24091)
https://rambo.codes/posts/2025-04-24-how-a-single-line-of-code-could-brick-your-iphone
https://rambo.codes/posts/2025-04-24-how-a-single-line-of-code-could-brick-your-iphone
Rambo Codes
How a Single Line Of Code Could Brick Your iPhone | Rambo Codes
Gui Rambo writes about his coding and reverse engineering adventures.
π₯15π©5
TM SGNL, the obscure unofficial Signal app Mike Waltz uses to text with Trump officials
Analysis: https://micahflee.com/tm-sgnl-the-obscure-unofficial-signal-app-mike-waltz-uses-to-text-with-trump-officials/
Source code: https://micahflee.com/heres-the-source-code-for-the-unofficial-signal-app-used-by-trump-officials/
Analysis: https://micahflee.com/tm-sgnl-the-obscure-unofficial-signal-app-mike-waltz-uses-to-text-with-trump-officials/
Source code: https://micahflee.com/heres-the-source-code-for-the-unofficial-signal-app-used-by-trump-officials/
micahflee
TM SGNL, the obscure unofficial Signal app Mike Waltz uses to text with Trump officials
π‘Update May 3, 2025: I have posted a follow-up, Here's the source code for the unofficial Signal app used by Trump officials.
Update May 4, 2025: Another followup, and a big one: The Signal Clone the Trump Admin Uses Was Hacked
Update May 6, 2025: I'veβ¦
Update May 4, 2025: Another followup, and a big one: The Signal Clone the Trump Admin Uses Was Hacked
Update May 6, 2025: I'veβ¦
π12β€1
Ollama LLM with jadx for APK analysis
https://github.com/zinja-coder/zin-mcp-client
https://github.com/zinja-coder/zin-mcp-client
GitHub
GitHub - zinja-coder/zin-mcp-client: MCP Client which serves as bridge between mcp servers and local LLMs running on Ollama, Createdβ¦
MCP Client which serves as bridge between mcp servers and local LLMs running on Ollama, Created for MCP Servers Developed by Me, However other MCP Servers may run as well - zinja-coder/zin-mcp-client
π₯15π4β€1π1π1
Advanced Anti-Forensic Protection of Mobile Applications
https://www.researchgate.net/publication/375258345_Advanced_Anti-Forensic_Protection_of_Mobile_Applications
https://www.researchgate.net/publication/375258345_Advanced_Anti-Forensic_Protection_of_Mobile_Applications
ResearchGate
(PDF) Advanced Anti-Forensic Protection of Mobile Applications
PDF | AbstractβA mobile device is usually the carrier of its owner's sensitive data, but it also contains a lot of system data that reveals the... | Find, read and cite all the research you need on ResearchGate
β€13π2π₯1π1
The Human Interface Device (HID) Attack on Android Lock Screen Non-Biometric Protections and Its Computational Complexity
https://www.researchgate.net/publication/361992079_The_Human_Interface_Device_HID_Attack_on_Android_Lock_Screen_Non-Biometric_Protections_and_Its_Computational_Complexity
https://www.researchgate.net/publication/361992079_The_Human_Interface_Device_HID_Attack_on_Android_Lock_Screen_Non-Biometric_Protections_and_Its_Computational_Complexity
ResearchGate
(PDF) The Human Interface Device (HID) Attack on Android Lock Screen Non-Biometric Protections and Its Computational Complexity
PDF | Nowadays, information obtained from mobile phones is often the subject of evidence in front of a court. ForensicNowadays, information obtained... | Find, read and cite all the research you need on ResearchGate
β€8π1π1
The Human Interface Device Attack from the Perspective of the Attacker and the Forensic Analyst
https://www.researchgate.net/publication/365110681_The_Human_Interface_Device_Attack_from_the_Perspective_of_the_Attacker_and_the_Forensic_Analyst
https://www.researchgate.net/publication/365110681_The_Human_Interface_Device_Attack_from_the_Perspective_of_the_Attacker_and_the_Forensic_Analyst
ResearchGate
(PDF) The Human Interface Device Attack from the Perspective of the Attacker and the Forensic Analyst
PDF | AbstractβThe main prerequisite to extract data from asmartphone or exploit the device is to bypass its lock screenprotection. The Human Interface... | Find, read and cite all the research you need on ResearchGate
β€7π1
KALEIDOSCOPE: Evolution of Ad Fraud Exploiting App Stores as a Front
https://go.integralads.com/rs/469-VBI-606/images/AMER_Threat_Lab_Kaleidoscope_Report_IAS.pdf
https://go.integralads.com/rs/469-VBI-606/images/AMER_Threat_Lab_Kaleidoscope_Report_IAS.pdf
π5
HacknDroid: Automation of some MAPT activities and interaction with the mobile Android device
Prerequisites:
adb enabled β
device authorized β
https://github.com/RaffaDNDM/HacknDroid
Prerequisites:
adb enabled β
device authorized β
https://github.com/RaffaDNDM/HacknDroid
π11π4π3π₯3
WireWatch, a large-scale measurement pipeline to evaluate the network security of Android apps. WireWatch measures apps' usage of plaintext network traffic and non-standard, proprietary network cryptography.
https://www.computer.org/csdl/proceedings-article/sp/2025/223600d916/26hiVQjbZqE
https://www.computer.org/csdl/proceedings-article/sp/2025/223600d916/26hiVQjbZqE
π8π2π1
PAPIMonitor: python tool based on Frida for monitoring user-select APIs during the app execution
https://github.com/Dado1513/PAPIMonitor
https://github.com/Dado1513/PAPIMonitor
GitHub
GitHub - 0xdad0/PAPIMonitor: Python API Monitor for Android apps
Python API Monitor for Android apps. Contribute to 0xdad0/PAPIMonitor development by creating an account on GitHub.
β€13π4π₯2π2
Advanced Protection: Googleβs Strongest Security for Mobile Devices
https://security.googleblog.com/2025/05/advanced-protection-mobile-devices.html
https://security.googleblog.com/2025/05/advanced-protection-mobile-devices.html
Google Online Security Blog
Advanced Protection: Googleβs Strongest Security for Mobile Devices
Posted by Il-Sung Lee, Group Product Manager, Android Security Protecting users who need heightened security has been a long-standing com...
π€£11π©5π2π1
Hacking My Car, and probably yoursβ Security Flaws in Volkswagenβs App
https://loopsec.medium.com/hacking-my-car-and-probably-yours-security-flaws-in-volkswagens-app-24b34c47ba89
https://loopsec.medium.com/hacking-my-car-and-probably-yours-security-flaws-in-volkswagens-app-24b34c47ba89
Medium
Hacking My Car, and probably yoursβ Security Flaws in Volkswagenβs App
This flaw made me the owner of thousands of cars (sort of).
π14β€4π3π1π1
I was playing around with new and smaller HackRF PortaPack H4M
In a summary blog, you can find what's new with H4M, how to flash it, copy necessary data, and a couple of use-cases.
https://www.mobile-hacker.com/2025/05/19/hackrf-portapack-h4m-with-mayhem-firmware-a-powerful-handheld-sdr-toolkit/
In a summary blog, you can find what's new with H4M, how to flash it, copy necessary data, and a couple of use-cases.
https://www.mobile-hacker.com/2025/05/19/hackrf-portapack-h4m-with-mayhem-firmware-a-powerful-handheld-sdr-toolkit/
Mobile Hacker
HackRF PortaPack H4M with Mayhem Firmware β A Powerful Handheld SDR Toolkit
In the Q4 of 2024, a new SDR (Software Defined Radio) was released: the HackRF PortaPack H4M, shipping with the Mayhem firmware. Whether youβre a hobbyist, hacker, ham radio enthusiast, or security researcher, this compact device brings a full-featured radioβ¦
π8π2
Coding Without a Laptop - Two Weeks with AR Glasses and Linux on Android
https://holdtherobot.com/blog/2025/05/11/linux-on-android-with-ar-glasses/
https://holdtherobot.com/blog/2025/05/11/linux-on-android-with-ar-glasses/
Holdtherobot
Coding Without a Laptop - Two Weeks with AR Glasses and Linux on Android | Hold The Robot
I recently learned something that blew my mind;
π9π₯2π2β€1
O2 VoLTE: locating any customer with a phone call
https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/
https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/
mastdatabase.co.uk
O2 VoLTE: locating any customer with a phone call
Privacy is dead: For multiple months, any O2 customer has had their location exposed to call initiators without their knowledge.
π9π6
The State of iOS Jailbreaking in 2025
[slides] https://github.com/alfiecg24/Presentations/blob/main/The%20State%20of%20iOS%20Jailbreaking%20in%202025.pdf
[slides] https://github.com/alfiecg24/Presentations/blob/main/The%20State%20of%20iOS%20Jailbreaking%20in%202025.pdf
GitHub
Presentations/The State of iOS Jailbreaking in 2025.pdf at main Β· alfiecg24/Presentations
Contribute to alfiecg24/Presentations development by creating an account on GitHub.
π6β€1
This Video Can Exploit Your iPhone (CVE-2025-31200)
https://youtu.be/nTO3TRBW00E
https://youtu.be/nTO3TRBW00E
YouTube
This Video Can Exploit Your iPhone (CVE-2025-31200 #1)
Are you a security researcher or reverse engineer?
For 50% off IDA Products use promo code BILLY50, https://hex-rays.com/pricing *
For 30% off IDA Training use promo code BILLY30, https://hex-rays.com/training **
*License discounts are only valid for individualsβ¦
For 50% off IDA Products use promo code BILLY50, https://hex-rays.com/pricing *
For 30% off IDA Training use promo code BILLY30, https://hex-rays.com/training **
*License discounts are only valid for individualsβ¦
π15π₯7β€4π1π1
Bypassing MTE with CVE-2025-0072
https://github.blog/security/vulnerability-research/bypassing-mte-with-cve-2025-0072/
Exploit: https://github.com/github/securitylab/tree/main/SecurityExploits/Android/Mali/CVE-2025-0072
https://github.blog/security/vulnerability-research/bypassing-mte-with-cve-2025-0072/
Exploit: https://github.com/github/securitylab/tree/main/SecurityExploits/Android/Mali/CVE-2025-0072
The GitHub Blog
Bypassing MTE with CVE-2025-0072
See how a vulnerability in the Arm Mali GPU can be exploited to gain kernel code execution even when Memory Tagging Extension (MTE) is enabled.
β€11π1
Emulating a Bike Sensor
https://eybisi.run/Emulating-a-Bike-Sensor/
https://eybisi.run/Emulating-a-Bike-Sensor/
hedgehog's cave
Emulating a Bike Sensor
As a reverse engineer and someone who enjoys dissecting how systems communicate, my interest was recently piqued by the Bluetooth Low Energy (BLE) cycling sensors that integrate with fitness tracking
π6β€2π2π₯1
A strict iOS app that analyzes link safety like a nutrition label (no AI, offline)
https://github.com/sigfault-byte/LegitURL
https://github.com/sigfault-byte/LegitURL
GitHub
GitHub - sigfault-byte/LegitURL: A strict iOS app that analyzes link safety like a nutrition label (no AI, offline)
A strict iOS app that analyzes link safety like a nutrition label (no AI, offline) - sigfault-byte/LegitURL
π6
Boost your Android threat detection capabilities π€
Modern mobile threats require dynamic tools for dynamic threats. With ANY.RUNβs Interactive Sandbox now supports Android, you can:
β Instantly detect threats with interactive analysis
β Understand APK behavior with fast access to threat details
β Extract IOCs and generate detailed reports in seconds
π Special offer: Get extra Sandbox licenses to level up your mobile threat hunting.
Hurry up to get #ANYRUN birthday deals, ending May 31 π here is the link.
Modern mobile threats require dynamic tools for dynamic threats. With ANY.RUNβs Interactive Sandbox now supports Android, you can:
β Instantly detect threats with interactive analysis
β Understand APK behavior with fast access to threat details
β Extract IOCs and generate detailed reports in seconds
π Special offer: Get extra Sandbox licenses to level up your mobile threat hunting.
Hurry up to get #ANYRUN birthday deals, ending May 31 π here is the link.
β€13π₯2π1