Google patched security issues in Chrome for Android, one of the exploit exists in the wild (CVE-2022-2294, CVE-2022-2295)
https://chromereleases.googleblog.com/2022/07/chrome-for-android-update.html

Toll fraud malware: How an Android application can drain your wallet
https://www.microsoft.com/security/blog/2022/06/30/toll-fraud-malware-how-an-android-application-can-drain-your-wallet/

Apple implemented "Lockdown Mode" in their devices from version 16 to protects users against spyware
"Hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware."
https://www.apple.com/newsroom/2022/07/apple-expands-commitment-to-protect-users-from-mercenary-spyware/

New malware detected on Google Play, 100.000+ users affected
https://blog.pradeo.com/pradeo-identifies-app-joker-malware-google-play

Guide to Reversing and Exploiting iOS binaries Part 2: ARM64 ROP Chains
https://www.inversecos.com/2022/06/guide-to-reversing-and-exploiting-ios.html

Heap Overflows on iOS ARM64: Heap Grooming, Use-After-Free (Part 3)
https://www.inversecos.com/2022/07/heap-overflows-on-ios-arm64-heap.html

Lock Screen Bypass Exploit of Android Devices (CVE-2022–20006)
https://medium.com/maverislabs/lock-screen-bypass-exploit-of-android-devices-cve-2022-20006-604958fcee3a

Session On Android – An App Wrapped in Signal
https://thebinaryhick.blog/2022/07/14/session-on-android-an-app-wrapped-in-signal/

Exploiting Android Vulnerabilities with Malicious Third-Party Apps (featuring Oversecured APK)
https://medium.com/@as3ng/exploiting-android-vulnerabilities-with-malicious-third-party-apps-featuring-oversecured-apk-adea3241ce49

Pegasus Spyware Used Against Thailand’s Pro-Democracy Movement
https://citizenlab.ca/2022/07/geckospy-pegasus-spyware-used-against-thailands-pro-democracy-movement/

The first distribution of Android related malware by Turla APT group spoofing domain Ukrainian Azov Regiment
https://blog.google/threat-analysis-group/continued-cyber-activity-in-eastern-europe-observed-by-tag/

ARM 64 Assembly Series — Branch
https://valsamaras.medium.com/arm-64-assembly-series-branch-9ce820987fc6

Vodafone & Deutsche Telekom to introduce persistent user tracking by operator
https://blog.simpleanalytics.com/vodafone-deutsche-telekom-to-introduce-persistent-user-tracking

Ongoing Roaming Mantis smishing campaign targeting France
https://blog.sekoia.io/ongoing-roaming-mantis-smishing-campaign-targeting-france/

Joker, Facestealer and Coper banking malwares on Google Play store
https://www.zscaler.com/blogs/security-research/joker-facestealer-and-coper-banking-malwares-google-play-store

Android FOSS Apps List
List of open source Android applications for “de-google, de-samsung, de-microsoft, de-nsa etc.” your mobile phone
https://brainfucksec.github.io/android-foss-apps-list

New HiddenAds malware affects 1M+ users and hides on the Google Play Store
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-hiddenads-malware-that-runs-automatically-and-hides-on-google-play-1m-users-affected/

The Mobile Attack Surface
https://engineering.mercari.com/en/blog/entry/20220729-the-mobile-attack-surface/

DawDropper - Analysis Of New Android Banking Dropper that was available on Google Play
https://www.trendmicro.com/en_us/research/22/g/examining-new-dawdropper-banking-dropper-and-daas-on-the-dark-we.html

ARM 64 Assembly Series — Data Processing (Part 1)
https://valsamaras.medium.com/arm-64-assembly-series-data-processing-part-1-b6f6f877c56b

Finding bugs in the Linux Kernel Bluetooth Subsystem: Exploiting HCI socket cookie generation
Part 1: https://itayie.me/linux/2022/07/29/finding-bugs-in-the-linux-kernel-bt-subsystem-part-2.html
Part 2: https://itayie.me/linux/2022/07/29/finding-bugs-in-the-linux-kernel-bt-subsystem-part-1.html