Android In-The-Wild: Unexpectedly Excavating a Kernel Exploit
https://www.youtube.com/watch?v=lnK1iACJ3-c
YouTube
OffensiveCon25 - Seth Jenkins - Android In-The-Wild: Unexpectedly Excavating a Kernel Exploit
https://www.offensivecon.org/speakers/2025/seth-jenkins.html
BrutDroid - Android Security Toolkit that automates tedious emulator setup with one command (emulator, Magisk, Frida, Burp certificates, etc.)
https://github.com/Brut-Security/BrutDroid/
Android lock screen data leak (Awarded $500)
Due to a lock screen race, it's possible to leak interactive app contents, since app launches show on the lock screen temporarily.
https://ndevtk.github.io/writeups/2025/06/06/android-leak/
Over 20 Crypto Phishing Applications Found on the Play Store Stealing Mnemonic Phrases
https://cyble.com/blog/crypto-phishing-applications-on-the-play-store/
Cyble
Crypto Phishing Applications On The Play Store
CRIL discovers over 20 malicious apps targeting crypto wallet users with phishing tactics and Play Store distribution under compromised developer accounts.
Locating Smartphones Using Seeker: How a Simple Link Can Reveal Your Smartphone's Location
https://www.mobile-hacker.com/2025/06/10/seeker-how-a-simple-link-can-reveal-your-smartphones-location/
Bruteforcing the phone number of any Google user
https://brutecat.com/articles/leaking-google-phones
brutecat.com
Leaking the phone number of any Google user
From rate limits to no limits: How IPv6's massive address space and a crafty botguard bypass left every Google user's phone number vulnerable
Can your phone be tracked without installing any malicious app?
Yes. In my post, I'll show how a simple link can reveal your smartphone's location, demonstrate what a targeted user sees, how easy it is to set it up and how to prevent it.
https://www.mobile-hacker.com/2025/06/10/seeker-how-a-simple-link-can-reveal-your-smartphones-location/
Stryker - Android pentesting app with premium access now free until 2050!
Scan networks, launch exploits, and test web apps, all from your phone
Bonus: includes a list of suggested WiFi adapters and SimpleUSB tool for identifying USB devices on the go
https://www.mobile-hacker.com/2025/06/12/stryker-app-goes-free-the-ultimate-mobile-pentesting-toolkit/
First Forensic Confirmation of Paragon's iOS Mercenary Spyware Finds Journalists Targeted via iMessage zero-click exploit (CVE-2025-43200)
https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/
The Citizen Lab
Graphite Caught
On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists who consented to the technical analysis of their cases. In this report, we discuss key findings from…
The Stryker app is now FREE!
Packed with tools for Wi-Fi auditing, network scanning, and more, all from your Android device
I tested all of its features: https://www.mobile-hacker.com/2025/06/12/stryker-app-goes-free-the-ultimate-mobile-pentesting-toolkit
Ghidra Is Best: Android Reverse Engineering
https://remyhax.xyz/posts/android-with-ghidra/
REMY HAX
Ghidra is best: Android Reverse Engineering
Ghidra is the best Android app RE tool. It just seems like it's not, because the loader has easily fixed quirks. Let me demonstrate.
How to use ADB & fastboot in Termux without root
You can use non-rooted Android to unlock bootloader, run ADB commands, remove bloatware, flash ROM, or even root another Android
https://www.mobile-hacker.com/2025/06/16/how-to-run-adb-and-fastboot-on-a-non-rooted-android-smartphone-using-termux/
How to fix Metasploit in Stryker
Metasploit stuck on init? Yoro from the Stryker community shared a script to fix it
script: https://www.mobile-hacker.com/2025/06/12/stryker-app-goes-free-the-ultimate-mobile-pentesting-toolkit/
Exploiting Unsanitized URL Handling and SQL Injection through Deep Links in iOS App: Write-up of Flipcoin Lab
https://infosecwriteups.com/exploiting-unsanitized-url-handling-sql-injection-via-deep-links-in-ios-app-write-up-of-flipcoin-066899b09fc2
Medium
Breaking Down Data Exfiltration via Unsanitized External URL Handling and SQL Injection through Deep Links
Malicious Loan App Removed from iOS and Google Play App Store Posed Severe Risks to Users
https://blog.checkpoint.com/research/malicious-loan-app-removed-from-ios-and-google-play-app-store-posed-severe-risks-to-users/v
Your Mobile App, Their Playground: The Dark side of the Virtualization by GodFather malware
https://zimperium.com/blog/your-mobile-app-their-playground-the-dark-side-of-the-virtualization
Zimperium
Your Mobile App, Their Playground: The Dark side of the Virtualization - Zimperium
Fake Play and Allegro Apps - a threat to Android users by Crocodilus banker
https://www.sirt.pl/falszywe-aplikacje-play-i-allegro-zagrozenie-dla-uzytkownikow-androida/
PREBYTES Security Incident Response Team
Fake Play and Allegro Apps - a threat to Android users!
One inconspicuous app is enough for someone to take control of your smartphone, from reading messages to making transfers. What techniques do hackers use, and what can you do to protect your privacy? Read this before you download a fake app.