APK Tool GUI: GUI for apktool, signapk, zipalign and baksmali utilities
https://github.com/AndnixSH/APKToolGUI
GhostBat RAT: Inside the Resurgence of RTO-Themed Android Malware
https://cyble.com/blog/ghostbat-rat-inside-the-resurgence-of-rto-themed-android-malware/
Modern iOS Security Features - A Deep Dive into SPTM, TXM, and Exclaves
https://arxiv.org/pdf/2510.09272
[beginners] Android Intents: operation, security and examples of attacks
https://mobeta-fr.translate.goog/android-intent-hijacking-pentest-mobile/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en
Mobeta
Android Intents (1/2): operation, security and examples of attacks | Mobeta
Misconfigured Android Intents can expose your data. Learn how to avoid intent hijacking and secure your applications.
New Android BEERUS framework for dynamic analysis & reverse engineering
BEERUS brings Frida auto-injection, sandbox exfiltration, memory dumps, Magisk integration and more for on device app analysis.
https://github.com/hakaioffsec/beerus-android
0-click vulnerability in Dolby's DDPlus decoder affected Android (CVE-2025-54957)
A malformed audio file can trigger an out-of-bounds write due to an integer overflow in evolution data handling, leading to memory corruption and crashes.
Android decodes audio messages locally, making this exploitable without user interaction.
Reproduction: Just send a crafted RCS voice message (dolby_android_crash.mp4)
Details: https://project-zero.issues.chromium.org/issues/428075495
MCGDroid: An Android Malware Classification Method Based on Multi-Feature Class-Call Graph Characterization
https://www.sciencedirect.com/science/article/abs/pii/S016740482500402X
EnFeSTDroid: Ensembled feature selection techniques based Android malware detection
https://www.sciencedirect.com/science/article/pii/S0045790625007062
A vulnerability in DuckDuckGo's Android browser allows file exfiltration via malicious intent:// URLs to gain access to a victim's Sync account data such as account credentials and email protection information (CVE-2025-48464)
https://tuxplorer.com/posts/dont-leave-me-outdated/
Account takeover in Android app via JavaScript bridge
A misconfigured addJavascriptInterface + flawed domain validation + javascript:// trick enabled full cookie exfiltration via WebView.
Exploit chain: JSB dispatcher → file access handler → bypass via newline injection.
Payload:
Delivered via deeplink.
Executed JSB call to toBase64.
Read Cookies file from app sandbox.
Exfiltrated session data via callback.
https://tuxplorer.com/posts/account-takeover-via-jsb/
Forwarded from The Bug Bounty Hunter
Practical Android Pentesting: A Case Study on TikTok RCE
https://dphoeniixx.medium.com/practical-android-pentesting-a-case-study-on-tiktok-rce-4a82e79cc7c6
Medium
From Universal XSS to native library hijacking: A comprehensive guide to Android exploitation using WebViews, Intent abuse, and Zip Slip.
Patching Android ARM64 library initializers for easy Frida instrumentation and debugging
https://blog.nviso.eu/2025/10/14/patching-android-arm64-library-initializers-for-easy-frida-instrumentation-and-debugging/
NVISO Labs
Patching Android ARM64 libraries for Frida instrumentation
Discover techniques for Android ARM64 library patching and Frida instrumentation.
HyperRat - A New Android RAT Sold On Cybercrime Networks
https://iverify.io/blog/hyperrat-a-new-android-rat-sold-on-cybercrime-networks
iverify.io
Discover HyperRat, an Android remote access tool being sold on cybercrime forums. Learn about its features, how it operates, and its impact on cybersecurity.
Modding And Distributing Mobile Apps with Frida
https://pit.bearblog.dev/modding-and-distributing-mobile-apps-with-frida/
Pit's Proof Of Concept
Walkthrough of how to embed Frida scripts in apps to distribute proper mods. Supports Frida 17+.
Android backdoor hijacks Telegram accounts, gaining complete control over them
https://news.drweb.com/show/?i=15076&lng=en&c=5
Dr.Web
Baohuo, the gray eminence. Android backdoor hijacks Telegram accounts, gaining complete control over them
Doctor Web has identified a dangerous backdoor, Android.Backdoor.Baohuo.1.origin (https://vms.drweb.com/search/?q=Android.Backdoor.Baohuo.1.origin&lng=en), in maliciously modified versions of the Telegram X messenger. In addition to being…
How 1-click iOS exploit chains work (WebKit exploitation basics)
https://youtu.be/o6mVgygo-hk
YouTube
How 1-Click Can Hack Your iPhone
Are you a security researcher or reverse engineer?
For 50% off IDA Products use promo code BILLY50, https://hex-rays.com/pricing *
For 30% off IDA Training use promo code BILLY30, https://hex-rays.com/training **
*License discounts are only valid for individuals…
Vulnerability in Google Messages for Wear OS resulted in invoking intents to send messages without permission (CVE-2025-12080) and was awarded $2,250.00 by Google
Blog: https://towerofhanoi.it/writeups/cve-2025-12080/
PoC: https://github.com/io-no/CVE-Reports/tree/main/CVE-2025-12080