How to load unsigned or fake-signed apps on iOS
https://www.pentestpartners.com/security-blog/how-to-load-unsigned-or-fake-signed-apps-on-ios/
https://www.pentestpartners.com/security-blog/how-to-load-unsigned-or-fake-signed-apps-on-ios/
Pen Test Partners
How to load unsigned or fake-signed apps on iOS | Pen Test Partners
TL;DR Introduction In certain circumstances it can be challenging installing client applications for testing. Situations arise where the application could be provided unsigned or requires self-signing. As a result, the application cannot be directly provisionedโฆ
๐6๐ฉ5โค1๐1
Vulnerabilities Found in Preinstalled apps on Android Smartphones
3rd party app installed on a device could misuse vulnerabilities to:
โ perform factory reset of device
โ exfiltrate PIN code
โ inject an arbitrary intent with system-level privileges
https://www.mobile-hacker.com/2025/06/02/security-issues-found-in-android-smartphones/
3rd party app installed on a device could misuse vulnerabilities to:
โ perform factory reset of device
โ exfiltrate PIN code
โ inject an arbitrary intent with system-level privileges
https://www.mobile-hacker.com/2025/06/02/security-issues-found-in-android-smartphones/
Mobile Hacker
Security Issues Found in preinstalled apps on Android Smartphones
Security researchers have uncovered several critical vulnerabilities in applications preloaded on Ulefone and Krรผger&Matz Android smartphones. These flaws, reported by CERT Polska and discovered by Szymon Chadam, expose users to significant risks, includingโฆ
๐คฏ17โค4๐3โ1
Reverse Engineer Android Apps for API Keys
https://pwn.guide/free/forensics/re-android
https://pwn.guide/free/forensics/re-android
๐ฉ17๐คก8๐3โค1๐คฎ1๐1๐ญ1๐1
Analysis of CoreAudio ITW vulnerability (CVE-2025-31200) patched in iOS 18.4.1
https://blog.noahhw.dev/posts/cve-2025-31200/
https://blog.noahhw.dev/posts/cve-2025-31200/
A Strange Blog
CVE 2025 31200
Background On April 16, 2025, Apple released a patch for a bug in CoreAudio which they said was โActively exploited in the wild.โ This flew under the radar a bit. Epsilonโs blog has a great writeup of the other bug that was presumably exploited in this chain:โฆ
โค9
Crocodilus Mobile Malware: Evolving Fast, Going Global
https://www.threatfabric.com/blogs/crocodilus-mobile-malware-evolving-fast-going-global
https://www.threatfabric.com/blogs/crocodilus-mobile-malware-evolving-fast-going-global
ThreatFabric
Crocodilus Mobile Malware: Evolving Fast, Going Global
Discover the latest developments on Crocodilus, a sophisticated Android Trojan targeting banking apps and crypto wallets across the globe.
๐11๐ฅฑ3๐ด2
Android malware trends: Stealthier, easier-to-use
https://intel471.com/blog/android-malware-trends-stealthier-easier-to-use
https://intel471.com/blog/android-malware-trends-stealthier-easier-to-use
โค9๐2
Covert Web-to-App Tracking via Localhost on Android
A novel tracking method by Meta and Yandex potentially affecting billions of Android users
https://localmess.github.io/
A novel tracking method by Meta and Yandex potentially affecting billions of Android users
https://localmess.github.io/
๐9
Analysis of Spyware That Helped to Compromise a Syrian Army from Within
Smartphone espionage doesnโt need expensive exploits. Cheap tools like SpyMax with targeted phishing a social engineering can breach even military targets - no 0-days required
https://www.mobile-hacker.com/2025/06/05/analysis-of-spyware-that-helped-to-compromise-a-syrian-army-from-within/
Smartphone espionage doesnโt need expensive exploits. Cheap tools like SpyMax with targeted phishing a social engineering can breach even military targets - no 0-days required
https://www.mobile-hacker.com/2025/06/05/analysis-of-spyware-that-helped-to-compromise-a-syrian-army-from-within/
Mobile Hacker
Analysis of Spyware That Helped to Compromise a Syrian Army from Within
This case demonstrates that effective smartphone espionage doesn't always require expensive zero-day exploits or the development of sophisticated, custom and undetected spyware. Instead, attackers can achieve significant intelligence gains using older, offโฆ
๐11๐1
Emulating an iPhone in QEMU
Part 1: https://eshard.com/posts/emulating-ios-14-with-qemu
Part 2: https://eshard.com/posts/emulating-ios-14-with-qemu-part2
Part 1: https://eshard.com/posts/emulating-ios-14-with-qemu
Part 2: https://eshard.com/posts/emulating-ios-14-with-qemu-part2
๐7๐4๐คฎ1
Lightweight Time Travel Analysis with Frida: faster Android emulation
https://eshard.com/posts/frida-tracer-lightweight-time-travel-analysis
https://eshard.com/posts/frida-tracer-lightweight-time-travel-analysis
๐4โค1
Mobile statistics: IT threat evolution in Q1 2025
https://securelist.com/malware-report-q1-2025-mobile-statistics/116676/
https://securelist.com/malware-report-q1-2025-mobile-statistics/116676/
Securelist
Mobile threat report for Q1 2025
The number of attacks on mobile devices involving malware, adware, or unwanted apps saw a significant increase in the first quarter.
โค6๐2
Cellebrite to acquire mobile testing firm Corellium in $200 million deal
https://cyberscoop.com/cellebrite-correllium-acquisition-ios-android/
https://cyberscoop.com/cellebrite-correllium-acquisition-ios-android/
CyberScoop
Cellebrite to acquire mobile testing firm Corellium in $200 million deal
Both companies have faced controversy in recent years, primarily for their work in circumventing mobile device security features
โค9๐ฉ3๐3
Solo: A Pixel 6 Pro Story (When one bug is all you need)
https://starlabs.sg/blog/2025/06-solo-a-pixel-6-pro-story-when-one-bug-is-all-you-need/
https://starlabs.sg/blog/2025/06-solo-a-pixel-6-pro-story-when-one-bug-is-all-you-need/
STAR Labs
Solo: A Pixel 6 Pro Story (When one bug is all you need)
During my internship I was tasked to analyze a Mali GPU exploit on Pixel 7/8 devices and adapt it to make it work on another device: the Pixel 6 Pro.
While the exploit process itself is relatively straightforward to reproduce (in theory we just need to findโฆ
While the exploit process itself is relatively straightforward to reproduce (in theory we just need to findโฆ
๐7๐1
Android Spyware Alert! Fake government app targeting Android users in India!
https://labs.k7computing.com/index.php/android-spyware-alert-fake-government-app-targeting-android-users-in-india/
https://labs.k7computing.com/index.php/android-spyware-alert-fake-government-app-targeting-android-users-in-india/
K7 Labs
Android Spyware Alert! Fake government app targeting Android users in India!
Recently, we came across a detection in our telemetry report named โPM KISAN YOJNAโ, masquerading as the official government application [โฆ]
๐4๐คช2โค1๐1
Transform Your Old Smartphone into a Pocket Cyberdeck with Kali NetHunter
Tutorial on how to 3D-print a minimalist palmtop-style case for Google Pixel 3 XL and install NetHunter on it with custom kernel
https://www.mobile-hacker.com/2025/06/06/transform-your-old-smartphone-into-a-pocket-cyberdeck-with-kali-nethunter/
Tutorial on how to 3D-print a minimalist palmtop-style case for Google Pixel 3 XL and install NetHunter on it with custom kernel
https://www.mobile-hacker.com/2025/06/06/transform-your-old-smartphone-into-a-pocket-cyberdeck-with-kali-nethunter/
Mobile Hacker
Transform Your Old Smartphone into a Pocket Cyberdeck with Kali NetHunter
This setup serves as a convenient alternative to carrying a full-sized laptop or struggling with a smartphoneโs virtual keyboard for complex technical tasks. It offers comfortable typing and an efficient portability.
๐11๐2๐1๐1
DroidGround: Elevate your Android CTF Challenges
https://thelicato.medium.com/droidground-elevate-your-android-ctf-challenges-69a5c479965e
https://thelicato.medium.com/droidground-elevate-your-android-ctf-challenges-69a5c479965e
Medium
DroidGround: Elevate your Android CTF Challenges
Ever felt that Android CTF challenges are too focused on reverse engineering, leaving out the thrill of real-world exploitation? I did tooโฆ
๐5โค2
Android In-The-Wild: Unexpectedly Excavating a Kernel Exploit
https://www.youtube.com/watch?v=lnK1iACJ3-c
https://www.youtube.com/watch?v=lnK1iACJ3-c
YouTube
OffensiveCon25 - Seth Jenkins - Android In-The-Wild: Unexpectedly Excavating a Kernel Exploit
https://www.offensivecon.org/speakers/2025/seth-jenkins.html
โค10๐1
BrutDroid โ Android Security Toolkit that automates tedious emulator setup with one command (emulator, Magisk, Frida, Burp certificates, etc.)
https://github.com/Brut-Security/BrutDroid/
https://github.com/Brut-Security/BrutDroid/
๐17๐2
Android lock screen data leak (Awarded $500)
Due to a lock screen race its possible to leak interactive app contents since app launches show on the lock screen temporarily
https://ndevtk.github.io/writeups/2025/06/06/android-leak/
Due to a lock screen race its possible to leak interactive app contents since app launches show on the lock screen temporarily
https://ndevtk.github.io/writeups/2025/06/06/android-leak/
Writeups
Android lock screen data leak (Awarded $500)
Due to a lock screen race its possible to leak interactive app contents since app launches show on the lock screen temporarily.
๐12๐ฟ4โค2
Over 20 Crypto Phishing Applications Found on the Play Store Stealing Mnemonic Phrases
https://cyble.com/blog/crypto-phishing-applications-on-the-play-store/
https://cyble.com/blog/crypto-phishing-applications-on-the-play-store/
Cyble
Crypto Phishing Applications On The Play Store
CRIL discovers over 20 malicious apps targeting crypto wallet users with phishing tactics and Play Store distribution under compromised developer accounts.
๐7โค2๐1๐1๐1
Locating Smartphones Using Seeker: How a Simple Link Can Reveal Your Smartphoneโs Location
https://www.mobile-hacker.com/2025/06/10/seeker-how-a-simple-link-can-reveal-your-smartphones-location/
https://www.mobile-hacker.com/2025/06/10/seeker-how-a-simple-link-can-reveal-your-smartphones-location/
โค17๐ฅฑ7๐ฅ3๐คฏ2๐2๐1