Advanced Protection: Google’s Strongest Security for Mobile Devices
https://security.googleblog.com/2025/05/advanced-protection-mobile-devices.html

Hacking My Car, and probably yours— Security Flaws in Volkswagen’s App
https://loopsec.medium.com/hacking-my-car-and-probably-yours-security-flaws-in-volkswagens-app-24b34c47ba89

I was playing around with new and smaller HackRF PortaPack H4M
In a summary blog, you can find what's new with H4M, how to flash it, copy necessary data, and a couple of use-cases.
https://www.mobile-hacker.com/2025/05/19/hackrf-portapack-h4m-with-mayhem-firmware-a-powerful-handheld-sdr-toolkit/

Coding Without a Laptop - Two Weeks with AR Glasses and Linux on Android
https://holdtherobot.com/blog/2025/05/11/linux-on-android-with-ar-glasses/

O2 VoLTE: locating any customer with a phone call
https://mastdatabase.co.uk/blog/2025/05/o2-expose-customer-location-call-4g/

The State of iOS Jailbreaking in 2025
[slides] https://github.com/alfiecg24/Presentations/blob/main/The%20State%20of%20iOS%20Jailbreaking%20in%202025.pdf

This Video Can Exploit Your iPhone (CVE-2025-31200)
https://youtu.be/nTO3TRBW00E

Bypassing MTE with CVE-2025-0072
https://github.blog/security/vulnerability-research/bypassing-mte-with-cve-2025-0072/
Exploit: https://github.com/github/securitylab/tree/main/SecurityExploits/Android/Mali/CVE-2025-0072

Emulating a Bike Sensor
https://eybisi.run/Emulating-a-Bike-Sensor/

A strict iOS app that analyzes link safety like a nutrition label (no AI, offline)
https://github.com/sigfault-byte/LegitURL

Boost your Android threat detection capabilities 🤖

Modern mobile threats require dynamic tools for dynamic threats. With ANY.RUN’s Interactive Sandbox now supports Android, you can:
✅ Instantly detect threats with interactive analysis
✅ Understand APK behavior with fast access to threat details
✅ Extract IOCs and generate detailed reports in seconds
🎁 Special offer: Get extra Sandbox licenses to level up your mobile threat hunting.

Hurry up to get #ANYRUN birthday deals, ending May 31  👉 here is the link.

Analysis of GhostSpy Android RAT: Advanced Persistent RAT with Stealthy Remote Control and Uninstall Resistance
https://www.cyfirma.com/research/ghostspy-web-based-android-rat-advanced-persistent-rat-with-stealthy-remote-control-and-uninstall-resistance/

Zanubis: Tracing the active evolution of the Android banking malware
https://securelist.com/evolution-of-zanubis-banking-trojan-for-android/116588/

How to load unsigned or fake-signed apps on iOS
https://www.pentestpartners.com/security-blog/how-to-load-unsigned-or-fake-signed-apps-on-ios/

Vulnerabilities Found in Preinstalled apps on Android Smartphones
3rd party app installed on a device could misuse vulnerabilities to:
✅perform factory reset of device
✅exfiltrate PIN code
✅inject an arbitrary intent with system-level privileges
https://www.mobile-hacker.com/2025/06/02/security-issues-found-in-android-smartphones/

Reverse Engineer Android Apps for API Keys
https://pwn.guide/free/forensics/re-android

Analysis of CoreAudio ITW vulnerability (CVE-2025-31200) patched in iOS 18.4.1
https://blog.noahhw.dev/posts/cve-2025-31200/

Crocodilus Mobile Malware: Evolving Fast, Going Global
https://www.threatfabric.com/blogs/crocodilus-mobile-malware-evolving-fast-going-global

Android malware trends: Stealthier, easier-to-use
https://intel471.com/blog/android-malware-trends-stealthier-easier-to-use

Covert Web-to-App Tracking via Localhost on Android
A novel tracking method by Meta and Yandex potentially affecting billions of Android users
https://localmess.github.io/

Analysis of Spyware That Helped to Compromise a Syrian Army from Within
Smartphone espionage doesn’t need expensive exploits. Cheap tools like SpyMax with targeted phishing a social engineering can breach even military targets - no 0-days required
https://www.mobile-hacker.com/2025/06/05/analysis-of-spyware-that-helped-to-compromise-a-syrian-army-from-within/