Bruteforcing the phone number of any Google user
https://brutecat.com/articles/leaking-google-phones
https://brutecat.com/articles/leaking-google-phones
brutecat.com
Leaking the phone number of any Google user
From rate limits to no limits: How IPv6's massive address space and a crafty botguard bypass left every Google user's phone number vulnerable
👍17👏2🌚2😁1
Media is too big
VIEW IN TELEGRAM
Can your phone be tracked without installing any malicious app?
Yes. In my post, I'll show how a simple link can reveal your smartphone’s location, demonstrate what a targeted user sees, how easy it is to set it up and how to prevent it
https://www.mobile-hacker.com/2025/06/10/seeker-how-a-simple-link-can-reveal-your-smartphones-location/
Yes. In my post, I'll show how a simple link can reveal your smartphone’s location, demonstrate what a targeted user sees, how easy it is to set it up and how to prevent it
https://www.mobile-hacker.com/2025/06/10/seeker-how-a-simple-link-can-reveal-your-smartphones-location/
👍25🤣24❤5💩2🌚2🗿2😁1🥱1
Stryker - Android pentesting app with premium access now free until 2050!
Scan networks, launch exploits, and test web apps—all from your phone
Bonus: includes a list of suggested WiFi adapters and SimpleUSB tool for identifying USB devices on the go
https://www.mobile-hacker.com/2025/06/12/stryker-app-goes-free-the-ultimate-mobile-pentesting-toolkit/
Scan networks, launch exploits, and test web apps—all from your phone
Bonus: includes a list of suggested WiFi adapters and SimpleUSB tool for identifying USB devices on the go
https://www.mobile-hacker.com/2025/06/12/stryker-app-goes-free-the-ultimate-mobile-pentesting-toolkit/
👍26🔥11❤9👎1
First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted via iMessage zero-click exploit (CVE-2025-43200)
https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/
https://citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/
The Citizen Lab
Graphite Caught
On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists who consented to the technical analysis of their cases. In this report, we discuss key findings from…
🌚12👍2👎1😁1
Media is too big
VIEW IN TELEGRAM
The Stryker app is now FREE!
Packed with tools for Wi-Fi auditing, network scanning, and more — all from your Android device
👉I tested all of its features: https://www.mobile-hacker.com/2025/06/12/stryker-app-goes-free-the-ultimate-mobile-pentesting-toolkit
Packed with tools for Wi-Fi auditing, network scanning, and more — all from your Android device
👉I tested all of its features: https://www.mobile-hacker.com/2025/06/12/stryker-app-goes-free-the-ultimate-mobile-pentesting-toolkit
❤19👍5🔥3
How to use ADB & fastboot in Termux without root
You can use non-rooted Android to unlock bootloader, run ADB commands, remove bloatware, flash ROM, or even root another Android
https://www.mobile-hacker.com/2025/06/16/how-to-run-adb-and-fastboot-on-a-non-rooted-android-smartphone-using-termux/
You can use non-rooted Android to unlock bootloader, run ADB commands, remove bloatware, flash ROM, or even root another Android
https://www.mobile-hacker.com/2025/06/16/how-to-run-adb-and-fastboot-on-a-non-rooted-android-smartphone-using-termux/
❤37👍1
Media is too big
VIEW IN TELEGRAM
How to fix Metasploit in Stryker
Metasploit stuck on init? Yoro from the Stryker community shared a noscript to fix it
noscript: https://www.mobile-hacker.com/2025/06/12/stryker-app-goes-free-the-ultimate-mobile-pentesting-toolkit/
Metasploit stuck on init? Yoro from the Stryker community shared a noscript to fix it
noscript: https://www.mobile-hacker.com/2025/06/12/stryker-app-goes-free-the-ultimate-mobile-pentesting-toolkit/
👏11👍1
Exploiting Unsanitized URL Handling and SQL Injection through Deep Links in iOS App: Write-up of Flipcoin Lab
https://infosecwriteups.com/exploiting-unsanitized-url-handling-sql-injection-via-deep-links-in-ios-app-write-up-of-flipcoin-066899b09fc2
https://infosecwriteups.com/exploiting-unsanitized-url-handling-sql-injection-via-deep-links-in-ios-app-write-up-of-flipcoin-066899b09fc2
Medium
Exploiting Unsanitized URL Handling and SQL Injection through Deep Links in iOS App: Write-up of Flipcoin Lab
Breaking Down Data Exfiltration via Unsanitized External URL Handling and SQL Injection through Deep Links
🌚10🤮6🔥3👍1
Malicious Loan App Removed from iOS and Google Play App Store Posed Severe Risks to Users
https://blog.checkpoint.com/research/malicious-loan-app-removed-from-ios-and-google-play-app-store-posed-severe-risks-to-users/v
https://blog.checkpoint.com/research/malicious-loan-app-removed-from-ios-and-google-play-app-store-posed-severe-risks-to-users/v
🥱8🥴4👍2👎2🤮2❤1
Your Mobile App, Their Playground: The Dark side of the Virtualization by GodFather malware
https://zimperium.com/blog/your-mobile-app-their-playground-the-dark-side-of-the-virtualization
https://zimperium.com/blog/your-mobile-app-their-playground-the-dark-side-of-the-virtualization
Zimperium
Your Mobile App, Their Playground: The Dark side of the Virtualization - Zimperium
true
❤10🔥3🌚1
Fake Play and Allegro Apps - a threat to Android users by Crocodilus banker
https://www.sirt.pl/falszywe-aplikacje-play-i-allegro-zagrozenie-dla-uzytkownikow-androida/
https://www.sirt.pl/falszywe-aplikacje-play-i-allegro-zagrozenie-dla-uzytkownikow-androida/
PREBYTES Security Incident Response Team
Fałszywe Aplikacje Play i Allegro - zagrożenie dla użytkowników Androida!
Jedna niepozorna aplikacja wystarczy, by ktoś przejął kontrolę nad Twoim smartfonem – od czytania wiadomości po wykonywanie przelewów. Jakie techniki stosują hakerzy i co możesz zrobić, by chronić swoją prywatność? Przeczytaj zanim pobierzesz fałszywą aplikację.
❤13🥱3👎2🌚1
SpyMax – A Fake Wedding Invitation App Targeting Indian Mobile Users
https://labs.k7computing.com/index.php/spymax-a-fake-wedding-invitation-app-targeting-indian-mobile-users/
https://labs.k7computing.com/index.php/spymax-a-fake-wedding-invitation-app-targeting-indian-mobile-users/
K7 Labs
SpyMax – A Fake Wedding Invitation App Targeting Indian Mobile Users
We have recently received a report from an Android user, who is not a K7 customer, detailing fraudulent activity and […]
🥱12❤6👎2😱1🤮1🥴1
SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play
https://securelist.com/sparkkitty-ios-android-malware/116793/
https://securelist.com/sparkkitty-ios-android-malware/116793/
Securelist
The new SparkKitty Trojan spy in the App Store and Google Play
SparkKitty, a new Trojan spy for iOS and Android, spreads through untrusted websites, the App Store, and Google Play, stealing images from users' galleries.
❤14🤔2🥱1
This media is not supported in your browser
VIEW IN TELEGRAM
FileFix – New Alternative to ClickFix Attack
https://www.mobile-hacker.com/2025/06/24/introducing-filefix-a-new-alternative-to-clickfix-attacks/
https://www.mobile-hacker.com/2025/06/24/introducing-filefix-a-new-alternative-to-clickfix-attacks/
😈10❤3🌚3😴2🔥1
Reverse Engineering the Android Malware Targeting CBE Users
https://www.linkedin.com/pulse/reverse-engineering-new-android-malware-targeting-ukfie/
https://www.linkedin.com/pulse/reverse-engineering-new-android-malware-targeting-ukfie/
Linkedin
Reverse Engineering the New Android Malware Targeting CBE Users
Last week, some Android users received a notification from the Commercial Bank of Ethiopia stating that two active android malware apps are stealing money from CBE accounts. Pharma+ CBE Vacancy And as soon as our team saw the notification, we wanted to get…
🤯13🌚2
Insecure Local Storage of Sensitive Payment and User Data on external storage by Airtel Android App (com.myairtelapp) (CVE-2025-5154)
https://github.com/honestcorrupt/-CVE-Proof-of-Concept-Airtel-Android-App-Insecure-Local-Storage-of-Sensitive-Data
https://github.com/honestcorrupt/-CVE-Proof-of-Concept-Airtel-Android-App-Insecure-Local-Storage-of-Sensitive-Data
GitHub
GitHub - honestcorrupt/-CVE-Proof-of-Concept-Airtel-Android-App-Insecure-Local-Storage-of-Sensitive-Data
Contribute to honestcorrupt/-CVE-Proof-of-Concept-Airtel-Android-App-Insecure-Local-Storage-of-Sensitive-Data development by creating an account on GitHub.
🌚11❤2