Stryker - Android pentesting app with premium access now free until 2050!
Scan networks, launch exploits, and test web appsโall from your phone
Bonus: includes a list of suggested WiFi adapters and SimpleUSB tool for identifying USB devices on the go
https://www.mobile-hacker.com/2025/06/12/stryker-app-goes-free-the-ultimate-mobile-pentesting-toolkit/
Scan networks, launch exploits, and test web appsโall from your phone
Bonus: includes a list of suggested WiFi adapters and SimpleUSB tool for identifying USB devices on the go
https://www.mobile-hacker.com/2025/06/12/stryker-app-goes-free-the-ultimate-mobile-pentesting-toolkit/
๐26๐ฅ11โค9๐1
First Forensic Confirmation of Paragonโs iOS Mercenary Spyware Finds Journalists Targeted via iMessage zero-click exploit (CVE-2025-43200)
https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/
https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/
The Citizen Lab
Graphite Caught
On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists who consented to the technical analysis of their cases. In this report, we discuss key findings fromโฆ
๐12๐2๐1๐1
Media is too big
VIEW IN TELEGRAM
The Stryker app is now FREE!
Packed with tools for Wi-Fi auditing, network scanning, and more โ all from your Android device
๐I tested all of its features: https://www.mobile-hacker.com/2025/06/12/stryker-app-goes-free-the-ultimate-mobile-pentesting-toolkit
Packed with tools for Wi-Fi auditing, network scanning, and more โ all from your Android device
๐I tested all of its features: https://www.mobile-hacker.com/2025/06/12/stryker-app-goes-free-the-ultimate-mobile-pentesting-toolkit
โค19๐5๐ฅ3
Ghidra Is Best: Android Reverse Engineering
https://remyhax.xyz/posts/android-with-ghidra/
https://remyhax.xyz/posts/android-with-ghidra/
REMY HAX
Ghidra is best: Android Reverse Engineering
Ghidra is the best Android app RE tool. It just seems like itโs not, because the loader has easily fixed quirks. Let me demonstrate.
๐ค14๐5๐3๐3๐ฅด2
How to use ADB & fastboot in Termux without root
You can use non-rooted Android to unlock bootloader, run ADB commands, remove bloatware, flash ROM, or even root another Android
https://www.mobile-hacker.com/2025/06/16/how-to-run-adb-and-fastboot-on-a-non-rooted-android-smartphone-using-termux/
You can use non-rooted Android to unlock bootloader, run ADB commands, remove bloatware, flash ROM, or even root another Android
https://www.mobile-hacker.com/2025/06/16/how-to-run-adb-and-fastboot-on-a-non-rooted-android-smartphone-using-termux/
โค37๐1
Media is too big
VIEW IN TELEGRAM
How to fix Metasploit in Stryker
Metasploit stuck on init? Yoro from the Stryker community shared a script to fix it
script: https://www.mobile-hacker.com/2025/06/12/stryker-app-goes-free-the-ultimate-mobile-pentesting-toolkit/
Metasploit stuck on init? Yoro from the Stryker community shared a script to fix it
script: https://www.mobile-hacker.com/2025/06/12/stryker-app-goes-free-the-ultimate-mobile-pentesting-toolkit/
๐11๐2
Exploiting Unsanitized URL Handling and SQL Injection through Deep Links in iOS App: Write-up of Flipcoin Lab
https://infosecwriteups.com/exploiting-unsanitized-url-handling-sql-injection-via-deep-links-in-ios-app-write-up-of-flipcoin-066899b09fc2
https://infosecwriteups.com/exploiting-unsanitized-url-handling-sql-injection-via-deep-links-in-ios-app-write-up-of-flipcoin-066899b09fc2
Medium
Exploiting Unsanitized URL Handling and SQL Injection through Deep Links in iOS App: Write-up of Flipcoin Lab
Breaking Down Data Exfiltration via Unsanitized External URL Handling and SQL Injection through Deep Links
๐10๐คฎ6๐ฅ3๐1
Malicious Loan App Removed from iOS and Google Play App Store Posed Severe Risks to Users
https://blog.checkpoint.com/research/malicious-loan-app-removed-from-ios-and-google-play-app-store-posed-severe-risks-to-users/v
https://blog.checkpoint.com/research/malicious-loan-app-removed-from-ios-and-google-play-app-store-posed-severe-risks-to-users/v
๐ฅฑ8๐ฅด4๐2๐2๐คฎ2โค1
Your Mobile App, Their Playground: The Dark side of the Virtualization by GodFather malware
https://zimperium.com/blog/your-mobile-app-their-playground-the-dark-side-of-the-virtualization
https://zimperium.com/blog/your-mobile-app-their-playground-the-dark-side-of-the-virtualization
Zimperium
Your Mobile App, Their Playground: The Dark side of the Virtualization - Zimperium
true
โค10๐ฅ3๐1
Fake Play and Allegro Apps - a threat to Android users by Crocodilus banker
https://www.sirt.pl/falszywe-aplikacje-play-i-allegro-zagrozenie-dla-uzytkownikow-androida/
https://www.sirt.pl/falszywe-aplikacje-play-i-allegro-zagrozenie-dla-uzytkownikow-androida/
PREBYTES Security Incident Response Team
Faลszywe Aplikacje Play i Allegro - zagroลผenie dla uลผytkownikรณw Androida!
Jedna niepozorna aplikacja wystarczy, by ktoล przejฤ
ล kontrolฤ nad Twoim smartfonem โ od czytania wiadomoลci po wykonywanie przelewรณw. Jakie techniki stosujฤ
hakerzy i co moลผesz zrobiฤ, by chroniฤ swojฤ
prywatnoลฤ? Przeczytaj zanim pobierzesz faลszywฤ
aplikacjฤ.
โค13๐ฅฑ3๐2๐1
SpyMax โ A Fake Wedding Invitation App Targeting Indian Mobile Users
https://labs.k7computing.com/index.php/spymax-a-fake-wedding-invitation-app-targeting-indian-mobile-users/
https://labs.k7computing.com/index.php/spymax-a-fake-wedding-invitation-app-targeting-indian-mobile-users/
K7 Labs
SpyMax โ A Fake Wedding Invitation App Targeting Indian Mobile Users
We have recently received a report from an Android user, who is not a K7 customer, detailing fraudulent activity and [โฆ]
๐ฅฑ12โค6๐2๐ฑ1๐คฎ1๐ฅด1
SparkKitty, SparkCatโs little brother: A new Trojan spy found in the App Store and Google Play
https://securelist.com/sparkkitty-ios-android-malware/116793/
https://securelist.com/sparkkitty-ios-android-malware/116793/
Securelist
The new SparkKitty Trojan spy in the App Store and Google Play
SparkKitty, a new Trojan spy for iOS and Android, spreads through untrusted websites, the App Store, and Google Play, stealing images from users' galleries.
โค14๐ค2๐ฅฑ1
This media is not supported in your browser
VIEW IN TELEGRAM
FileFix โ New Alternative to ClickFix Attack
https://www.mobile-hacker.com/2025/06/24/introducing-filefix-a-new-alternative-to-clickfix-attacks/
https://www.mobile-hacker.com/2025/06/24/introducing-filefix-a-new-alternative-to-clickfix-attacks/
๐10โค3๐3๐ฅ2๐ด2
Reverse Engineering the Android Malware Targeting CBE Users
https://www.linkedin.com/pulse/reverse-engineering-new-android-malware-targeting-ukfie/
https://www.linkedin.com/pulse/reverse-engineering-new-android-malware-targeting-ukfie/
Linkedin
Reverse Engineering the New Android Malware Targeting CBE Users
Last week, some Android users received a notification from the Commercial Bank of Ethiopia stating that two active android malware apps are stealing money from CBE accounts. Pharma+ CBE Vacancy And as soon as our team saw the notification, we wanted to getโฆ
๐คฏ13๐2
Insecure Local Storage of Sensitive Payment and User Data on external storage by Airtel Android App (com.myairtelapp) (CVE-2025-5154)
https://github.com/honestcorrupt/-CVE-Proof-of-Concept-Airtel-Android-App-Insecure-Local-Storage-of-Sensitive-Data
https://github.com/honestcorrupt/-CVE-Proof-of-Concept-Airtel-Android-App-Insecure-Local-Storage-of-Sensitive-Data
GitHub
GitHub - honestcorrupt/-CVE-Proof-of-Concept-Airtel-Android-App-Insecure-Local-Storage-of-Sensitive-Data
Contribute to honestcorrupt/-CVE-Proof-of-Concept-Airtel-Android-App-Insecure-Local-Storage-of-Sensitive-Data development by creating an account on GitHub.
๐11โค2
How to debug binaries using GDB in Android within Termux
https://ad2001.com/blog/gdb-inside-device
https://ad2001.com/blog/gdb-inside-device
Ajin Deepak
A Quick and Dirty Way to Debug Inside Android with GDB
This covers a quick and dirty way to debug inside a rooted AVD using GDB + GEF.
๐13
A Tale of Breaking Android Decompilers and Unpackers
https://ad2001.com/blog/The%20Tale%20of%20Breaking%20Android%20Decompilers
https://ad2001.com/blog/The%20Tale%20of%20Breaking%20Android%20Decompilers
Ajin Deepak
A Tale of Breaking Android Decompilers and Unpackers.
We will explore how popular RATS like spynote used to / still breaking decompilers and Unpackers.
๐10
Bluetooth gap turns headphones into listening stations
CVE-2025-20700: Missing Authentication for GATT Services
CVE-2025-20701: Missing Authentication for Bluetooth BR/EDR
CVE-2025-20702: Critical Capabilities of a Custom Protocol
https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/
CVE-2025-20700: Missing Authentication for GATT Services
CVE-2025-20701: Missing Authentication for Bluetooth BR/EDR
CVE-2025-20702: Critical Capabilities of a Custom Protocol
https://insinuator.net/2025/06/airoha-bluetooth-security-vulnerabilities/
๐24
The Ullu app (Web, Android, iOS) parental PIN protection can be bypassed via brute force techniques (CVE-2025-45083) https://pastebin.com/mFM1a3CP
Pastebin
CVE-2025-45083 - FULL DISCLOSURE - Pastebin.com
Pastebin.com is the number one paste tool since 2002. Pastebin is a website where you can store text online for a set period of time.
๐14๐5๐4โ3