Kimsuky Distributing Malicious Mobile App via QR Code
https://www.enki.co.kr/en/media-center/blog/kimsuky-distributing-malicious-mobile-app-via-qr-code
Analysis of CVE-2025-31200, a zero-day, zero-click RCE in iOS, triggered by a malicious audio file delivered via iMessage/SMS. Exploitation bypassed BlastDoor, enabled kernel escalation (CVE-2025-31201), and allowed token theft until it was patched in iOS 18.4.1 (Apr 16, 2025).
https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201
CVE-2025-31200 is a zero-day, zero-click RCE in iOS CoreAudio's AudioConverterService, triggered by a malicious audio file via iMessage/SMS. Exploitation bypassed BlastDoor and enabled kernel escalation (CVE-2025-31201).
CVE-2025-38352 (Part 1) - In-the-wild Android Kernel Vulnerability Analysis + PoC
https://faith2dxy.xyz/2025-12-22/cve_2025_38352_analysis/
PoC: https://github.com/farazsth98/poc-CVE-2025-38352
Choose Your Fighter: A New Stage in the Evolution of Android SMS Stealers in Uzbekistan
https://www.group-ib.com/blog/mobile-malware-uzbekistan/
Group-IB analyzes the evolution of Android malware in Uzbekistan, revealing advanced droppers, encrypted payload delivery, anti-analysis techniques, and Wonderland's bidirectional SMS-stealing capabilities driving large-scale financial fraud.
DNGerousLINK: A Deep Dive into WhatsApp 0-Click Exploits on iOS and Samsung Devices (CVE-2025-55177, CVE-2025-43300)
https://media.ccc.de/v/39c3-dngerouslink-a-deep-dive-into-whatsapp-0-click-exploits-on-ios-and-samsung-devices
The spyware attack targeting WhatsApp, disclosed in August as an in-the-wild exploit, garnered significant attention. By simply knowing a...
Android reverse engineering and malware analysis notes
https://www.notion.so/Reverse-Engineering-8f11869a35fa4832a01896f1b503261f
https://www.notion.so/Malware-Analysis-e1006868cce24a769e0ca4349b87ef31
@Android Internals Review
Android kernel exploit for CVE-2025-38352, previously exploited in-the-wild. Targets vulnerable Linux kernels v5.10.x.
https://github.com/farazsth98/chronomaly
Read, write, and emulate NFC cards on jailbroken iPhones
https://github.com/OwnGoalStudio/TrollNFC/
WhatsApp Vulnerabilities Leaked Users' Metadata Including Device's Operating System Details
https://medium.com/@TalBeerySec/whatsapp-silent-fix-of-device-fingerprinting-privacy-issue-assessment-the-good-the-not-so-bad-9127b5215e28
TL;DR: Using our research tool, we discovered that WhatsApp is silently implementing fixes for device fingerprinting privacy…
Predator iOS Malware: Building a Surveillance Framework - Part 1
https://blog.reversesociety.co/blog/2025/predator-ios-malware-surveillance-framework-part-1
How does Predator spyware transform from running code into active surveillance? This technical deep-dive reverse-engineers the internal factory architecture that dynamically creates camera monitoring, VoIP interception, and keylogging modules through Unix…
Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android NFC Malware
https://www.group-ib.com/blog/ghost-tapped-chinese-malware/
Group-IB researchers detail the inner workings of Chinese tap-to-pay schemes on Telegram and examine the NFC-enabled Android apps fraudsters are using to steal money from victims' bank cards and mobile wallets remotely.
Droid LLM Hunter is a tool to scan for vulnerabilities in Android applications using Large Language Models (LLMs)
https://github.com/roomkangali/droid-llm-hunter
Dalvik bytecode emulator for Android static analysis | String decryption | Multi-DEX | No Android runtime required
https://github.com/fatalSec/DaliVM
Frida-UI: Interact with Frida devices, processes, and scripts directly from your browser
https://github.com/adityatelange/frida-ui
One-click Telegram IP address leak
https://www.bleepingcomputer.com/news/security/hidden-telegram-proxy-links-can-reveal-your-ip-address-in-one-click/
Video by @0x6rss
Play Integrity API: How It Works & How to Bypass It
https://m4kr0.vercel.app/posts/play-integrity-api-how-it-works--how-to-bypass-it/
Flutter SSL Bypass: How to Intercept HTTPS Traffic When all other Frida Scripts Fail
https://m4kr0.vercel.app/posts/flutter-ssl-bypass-how-to-intercept-https-traffic-when-all-other-frida-scripts-fail/
My journey in intercepting HTTPS traffic from an APK based on Flutter.
deVixor: An Evolving Android Banking RAT with Ransomware Capabilities Targeting Iran
https://cyble.com/blog/devixor-an-evolving-android-banking-rat-with-ransomware-capabilities-targeting-iran/
Cyble analyzed deVixor, an advanced Android banking RAT with ransomware features actively targeting Iranian users.
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
https://projectzero.google/2026/01/pixel-0-click-part-1.html
Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One ef...
A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
https://projectzero.google/2026/01/pixel-0-click-part-2.html
With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the res...
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
https://projectzero.google/2026/01/pixel-0-click-part-3.html
While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our e...