Update your iPhone
Apple patched two vulnerabilities have been exploited in the wild
CVE-2022-22675, the issue has been described as an out-of-bounds write vulnerability in an audio and video decoding component called AppleAVD that could allow an application to execute arbitrary code with kernel privileges
https://support.apple.com/en-us/HT213219

Complete dissection of an APK with a suspicious C2 Server
https://lab52.io/blog/complete-dissection-of-an-apk-with-a-suspicious-c2-server/

Fake e‑shops on the prowl for banking credentials using Android malware
https://www.welivesecurity.com/2022/04/06/fake-eshops-prowl-banking-credentials-android-malware/

Measurement SDK library (coelib.c.couluslibrary) implemented in various Android apps is responsible for collecting sensitive data such as Clipboard, GPS, Email, Phone Numbers, IMEI, SSID...
https://blog.appcensus.io/2022/04/06/the-curious-case-of-coulus-coelib/

Android SharkBot Banking Trojan Discovered On Google Play Store Hidden Behind 7 New Apps
https://research.checkpoint.com/2022/google-is-on-guard-sharks-shall-not-pass/

Start Arbitrary Activity App Components as the System User Vulnerability Affecting Samsung Android Devices (CVE-2022-22292)
https://www.kryptowire.com/blog/start-arbitrary-activity-app-components-as-the-system-user-vulnerability-affecting-samsung-android-devices/

iOS ASN.1 Vulnerability analysis (CVE-2021-30737) https://googleprojectzero.blogspot.com/2022/04/cve-2021-30737-xerubs-2021-ios-asn1.html

New Android banking trojan - Octo - is capable of on-device fraud via VNC was available on Google Play Store
https://threatfabric.com/blogs/octo-new-odf-banking-trojan.html

APT-C-23 Campaign Targeting Israeli Officials via malicious Android chat apps
https://www.cybereason.com/blog/operation-bearded-barbie-apt-c-23-campaign-targeting-israeli-officials

Android Pentesting Setup On Macbook M1

https://magarajay538.medium.com/android-pentesting-setup-on-macbook-m1-d2f1f0a8db4b

[Beetlebug Android CTF] an open source insecure Android app with CTF challenges for Android Penetesters and Bug Bounty hunters
https://github.com/hafiz-ng/Beetlebug

The State of Mobile Stalkerware in 2021
https://securelist.com/the-state-of-stalkerware-in-2021/106193/

Android Fakecall Banker: A Trojan that masquerades as a banking app and imitates phone conversations with bank employees
https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/

Lol, I am running Kali NetHunter on smartwatches TicWatch Pro

No wifi support so far, but HID and nmap works fine 😁
https://www.instagram.com/p/CcP1r1mF_RJ/

Step-by-step guide to reverse an APK protected with DexGuard using Jadx
https://blog.lexfo.fr/dexguard.html

Detailed analysis of Android Escobar bot
https://valsamaras.medium.com/escobars-bot-post-mortem-b6221196d6a4

CVE-2021-1782, an iOS in-the-wild vulnerability in vouchers

https://googleprojectzero.blogspot.com/2022/04/cve-2021-1782-ios-in-wild-vulnerability.html

Spyware Operation infected 63 targets with Pegasus (iOS), and four others with Candiru (Windows) spyware

-To compromise victims devices was used a previously-undisclosed iOS zero-click vulnerability called HOMAGE used by NSO Group
-Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations. Family members were also infected in some cases
https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/

Windows 11 ToolBox noscript used to add the Google Play Store to the Android Subsystem has secretly infected users with malicious noscripts
https://www.bleepingcomputer.com/news/security/windows-11-tool-to-add-google-play-secretly-installed-malware/

Mobile MitM: Intercepting your Android App Traffic On the Go

https://www.eff.org/deeplinks/2022/04/mobile-mitm-intercepting-your-android-app-traffic-go

A Year in Review of 0-days Used In-the-Wild in 2021 by Google
In 2021 there were 7 #Android in-the-wild 0-days detected and disclosed:
- Qualcomm Adreno GPU driver (CVE-2020-11261, CVE-2021-1905, CVE-2021-1906)
- ARM Mali GPU driver (CVE-2021-28663, CVE-2021-28664)
- Upstream Linux kernel (CVE-2021-1048, CVE-2021-0920)

For the 5 total #iOS and macOS in-the-wild 0-days, they targeted 3 different attack surfaces:
- IOMobileFrameBuffer (CVE-2021-30807, CVE-2021-30883)
- XNU Kernel (CVE-2021-1782 & CVE-2021-30869)
- CoreGraphics (CVE-2021-30860)
- CommCenter (FORCEDENTRY sandbox escape - CVE requested, not yet assigned)
https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html