Android In-The-Wild: Unexpectedly Excavating a Kernel Exploit
https://www.youtube.com/watch?v=lnK1iACJ3-c
OffensiveCon25 - Seth Jenkins - Android In-The-Wild: Unexpectedly Excavating a Kernel Exploit
https://www.offensivecon.org/speakers/2025/seth-jenkins.html
BrutDroid — Android Security Toolkit that automates tedious emulator setup with one command (emulator, Magisk, Frida, Burp certificates, etc.)
https://github.com/Brut-Security/BrutDroid/
Android lock screen data leak (Awarded $500)
Due to a lock screen race, it's possible to leak interactive app contents, since app launches show on the lock screen temporarily.
https://ndevtk.github.io/writeups/2025/06/06/android-leak/
Over 20 Crypto Phishing Applications Found on the Play Store Stealing Mnemonic Phrases
https://cyble.com/blog/crypto-phishing-applications-on-the-play-store/
CRIL discovers over 20 malicious apps targeting crypto wallet users with phishing tactics and Play Store distribution under compromised developer accounts.
Locating Smartphones Using Seeker: How a Simple Link Can Reveal Your Smartphone’s Location
https://www.mobile-hacker.com/2025/06/10/seeker-how-a-simple-link-can-reveal-your-smartphones-location/
Bruteforcing the phone number of any Google user
https://brutecat.com/articles/leaking-google-phones
From rate limits to no limits: How IPv6's massive address space and a crafty botguard bypass left every Google user's phone number vulnerable
Can your phone be tracked without installing any malicious app?
Yes. In my post, I'll show how a simple link can reveal your smartphone’s location, demonstrate what a targeted user sees, how easy it is to set it up and how to prevent it
https://www.mobile-hacker.com/2025/06/10/seeker-how-a-simple-link-can-reveal-your-smartphones-location/
Stryker - Android pentesting app with premium access now free until 2050!
Scan networks, launch exploits, and test web apps—all from your phone
Bonus: includes a list of suggested WiFi adapters and SimpleUSB tool for identifying USB devices on the go
https://www.mobile-hacker.com/2025/06/12/stryker-app-goes-free-the-ultimate-mobile-pentesting-toolkit/
First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted via iMessage zero-click exploit (CVE-2025-43200)
https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/
Graphite Caught
On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists who consented to the technical analysis of their cases. In this report, we discuss key findings from…
The Stryker app is now FREE!
Packed with tools for Wi-Fi auditing, network scanning, and more — all from your Android device
👉I tested all of its features: https://www.mobile-hacker.com/2025/06/12/stryker-app-goes-free-the-ultimate-mobile-pentesting-toolkit
How to use ADB & fastboot in Termux without root
You can use non-rooted Android to unlock bootloader, run ADB commands, remove bloatware, flash ROM, or even root another Android
https://www.mobile-hacker.com/2025/06/16/how-to-run-adb-and-fastboot-on-a-non-rooted-android-smartphone-using-termux/
How to fix Metasploit in Stryker
Metasploit stuck on init? Yoro from the Stryker community shared a script to fix it
script: https://www.mobile-hacker.com/2025/06/12/stryker-app-goes-free-the-ultimate-mobile-pentesting-toolkit/
Exploiting Unsanitized URL Handling and SQL Injection through Deep Links in iOS App: Write-up of Flipcoin Lab
https://infosecwriteups.com/exploiting-unsanitized-url-handling-sql-injection-via-deep-links-in-ios-app-write-up-of-flipcoin-066899b09fc2
Breaking Down Data Exfiltration via Unsanitized External URL Handling and SQL Injection through Deep Links
Malicious Loan App Removed from iOS and Google Play App Store Posed Severe Risks to Users
https://blog.checkpoint.com/research/malicious-loan-app-removed-from-ios-and-google-play-app-store-posed-severe-risks-to-users/v
Your Mobile App, Their Playground: The Dark side of the Virtualization by GodFather malware
https://zimperium.com/blog/your-mobile-app-their-playground-the-dark-side-of-the-virtualization
Fake Play and Allegro Apps - a threat to Android users by Crocodilus banker
https://www.sirt.pl/falszywe-aplikacje-play-i-allegro-zagrozenie-dla-uzytkownikow-androida/
Fake Play and Allegro Apps - a threat to Android users!
One inconspicuous app is enough for someone to take control of your smartphone, from reading messages to making transfers. What techniques do hackers use, and what can you do to protect your privacy? Read this before you download a fake app.