Flipper zero can root Xiaomi vaccum robot using usb uart app
https://www.reddit.com/r/flipperzero/comments/13sabij/flipper_zero_can_be_used_for_xiaomi_vaccum_robot/
Tutorial: https://builder.dontvacuum.me/dreame/

Permhash: The permhash framework can be used to identify previously unknown APK, CRX, AXML samples through pivoting and clustering
Tool: https://github.com/google/permhash
Research: https://www.mandiant.com/resources/blog/permhash-no-curls-necessary

Android apps containing spyware SpinOk module was discovered in 101 apps on Google Play Store with alltogether 421,000,000+ install
It can exfiltrate:
- list of files in specified directories,
- verify the presence of a specified file or a directory on the device,
- file from the device, and
- copy or substitute the clipboard contents
https://news.drweb.com/show/?lng=en&i=14705

Android DogeRAT: Technical analysis of open-source Android Remote Access Trojan (RAT)
https://cloudsek.com/blog/dogerat-the-android-malware-campaign-targeting-users-across-multiple-industries

Crash WhatsApp using one message
Video demo how it is possible to crash group chat using one message. If you open the chat, WhatsApp will always crash.
✅️To temporarily fix the issue, you have to remove the crash message using WhatsApp web
https://www.instagram.com/reel/Cs3iGe3ORuw/?igshid=MzRlODBiNWFlZA==

Beautifying Native Android Code in Ghidra!
We partially native APK, extract the native binaries, and analyze the native ELF binary
https://youtu.be/sK_jsQ5bJUk

Operation Triangulation: iOS devices targeted with previously unknown malware
This malware compromised several Kaspersky employees: The target iOS device receives a message via the iMessage service, with an attachment containing an exploit. Without any user interaction, the message triggers a vulnerability that leads to code execution.
https://securelist.com/operation-triangulation/109842/

CVE-2023-20963: 0-day in Android's Parcel serialization/deserialization which was used in-the-wild by the Pinduoduo app
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-20963.html

Binder Trace: Tool for intercepting and parsing Android Binder messages Think of it as "Wireshark for Binder"
https://github.com/foundryzero/binder-trace

iOS Deep Link attacks Part 2 – Exploitation
https://8ksec.io/ios-deep-link-attacks-part-2-exploitation-8ksec-blogs/

An active Android campaign pushes adware to Android devices with the purpose of driving revenue
https://www.bitdefender.com/blog/labs/tens-of-thousands-of-compromised-android-apps-found-by-bitdefender-anomaly-detection-technology/

iOS pentesting 101
How to setup iOS environment
https://securitycafe.ro/2023/06/12/mobile-pentesting-101-how-to-set-up-your-ios-environment/

Cloud Mining Scam Distributes Roamer Android Banking Trojan
https://blog.cyble.com/2023/06/14/cloud-mining-scam-distributes-roamer-banking-trojan/

Discovered Android GravityRAT malware being distributed as the BingeChat and Chatico messaging apps
https://www.welivesecurity.com/2023/06/15/android-gravityrat-goes-after-whatsapp-backups/

Android Malware Impersonates ChatGPT-Themed Applications
https://unit42.paloaltonetworks.com/android-malware-poses-as-chatgpt/

DoNot APT Elevates its Tactics by Deploying Malicious Android Apps on Google Play Store impersonating VPN apps (iKHfaa VPN and nSure Chat)
https://www.cyfirma.com/outofband/donot-apt-elevates-its-tactics-by-deploying-malicious-android-apps-on-google-play-store/

Leveraging Android Permissions: A Solver Approach (CVE-2023-20947)
https://blog.thalium.re/posts/leveraging-android-permissions/

Analysis of Triangulation iOS spyware implant
https://securelist.com/triangledb-triangulation-implant/110050/

Reversing Flutter apps: Dart’s Small Integers
https://cryptax.medium.com/reversing-flutter-apps-darts-small-integers-b922d7fae7d9

The State of Android (Banking) Malware: Insights from 2022 and Predictions for 2023
https://www.threatfabric.com/hubfs/ThreatFabric_Generic_Report-The%20State%20of%20Android%20Banking%20Malware%202022.pdf