Taking over 60k spyware user accounts with SQL injection
https://ericdaigle.ca/posts/taking-over-60k-spyware-user-accounts/
Eric Daigle
Serverless means it's secure, right?
Vibe Hacking with Nmap using Android
https://www.mobile-hacker.com/2025/07/07/vibe-hacking-with-nmap-using-android/
How to Install Gemini CLI on Android using Termux
https://www.mobile-hacker.com/2025/07/09/how-to-install-gemini-cli-on-android-using-termux/
Anatsa Android Banking Trojan Infects 90,000 Users via Fake PDF App on Google Play
https://www.threatfabric.com/blogs/anatsa-targets-north-america-uses-proven-mobile-campaign-process
ThreatFabric
Anatsa Targets North America; Uses Proven Mobile Campaign Process
Anatsa targets North America again: ThreatFabric uncovers a new Android banking Trojan campaign using Google Play to compromise mobile banking apps.
TapTrap: an attack on Android in which a dedicated app uses animation to lure you into tapping on the screen and performing unwanted actions without your consent #Tapjacking
TapTrap used to enable camera access for a website via the Chrome browser.
https://taptrap.click/
The first version of the Bitchat Android app has been published
It is an open-source, private, secure messaging app that needs no internet connection and relies on a Bluetooth mesh network
https://www.mobile-hacker.com/2025/07/10/offline-encrypted-and-private-messaging-using-new-bitchat-bluetooth-app/
How to set up the Hijacker app on a Samsung Galaxy S10 with wireless injection
https://forums.kali.org/t/hijacker-on-the-samsung-galaxy-s10-with-wireless-injection/10305
PerfektBlue Bluetooth attack allows 1-click RCE against the infotainment systems of Mercedes, Volkswagen, and Skoda (CVE-2024-45431, CVE-2024-45432, CVE-2024-45433, CVE-2024-45434)
https://perfektblue.pcacybersecurity.com/
PerfektBlue
PerfektBlue – 1-Click RCE in Bluetooth
PCA Team uncovered critical over-the-air attack chain, enabling 1-click Remote Code Execution (RCE) in vulnerable devices. Affected manufacturers include Volkswagen, Mercedes-Benz and Skoda.
How Malicious Android Apps Can Impersonate Yours Using Deep Links
https://medium.com/@frankheat/how-malicious-android-apps-can-impersonate-yours-using-deep-links-8eac7f245aaf
Medium
Hey, I’m frankheat. As a penetration tester, I focus on often-missed attack vectors. One of the more effective ones I’ve analyzed recently…
Chat without internet via Bluetooth
It is an open-source, private, secure messaging app that needs no internet connection and relies on a Bluetooth mesh network
Info: https://www.mobile-hacker.com/2025/07/10/offline-encrypted-and-private-messaging-using-new-bitchat-bluetooth-app/
Download the latest app: https://github.com/permissionlesstech/bitchat-android/releases
Shizuku unlocks advanced functionality on any Android
With the Shizuku app, your Android device gains ADB (shell) privileges to remove bloatware, list running processes, open listening ports, view stored Wi-Fi passwords, inspect the logcat output of other apps, enable or disable specific Android app components, etc.
https://www.mobile-hacker.com/2025/07/14/shizuku-unlocking-advanced-android-capabilities-without-root/
eSIM might not be as safe as you think: researchers hack and clone numbers
https://security-explorations.com/esim-security.html
Add computers to the Bluetooth mesh network for the Bitchat app
✅️ More devices = more nodes
✅️ Wider communication range
https://github.com/kaganisildak/bitchat-python
Fake Android Money Transfer App Targeting Bengali-Speaking Users
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/fake-android-money-transfer-app-targeting-bengali-speaking-users/
McAfee Blog
Authored by Dexter Shin. McAfee’s Mobile Research Team discovered a new and active Android malware campaign targeting Bengali-speaking users, mainly
RaspyJack
Turn a Raspberry Pi Zero 2 W + Waveshare 1.44″ LCD into a pocket-sized, SharkJack-style network multitool.
Key features:
• Recon: Multi-profile Nmap scans
• Shells: Reverse-shell launcher (pick IP on the fly or use a preset)
• Creds Capture: Responder, ARP MITM + sniff, DNS-spoof phishing
• Loot Viewer: Read Nmap / Responder / DNSSpoof logs on the screen
https://github.com/7h30th3r0n3/Raspyjack
Konfety Returns: Classic Mobile Threat with New Evasion Techniques
https://zimperium.com/blog/konfety-returns-classic-mobile-threat-with-new-evasion-techniques
Zimperium
New Konfety malware variant uses advanced evasion techniques to target Android devices, complicating detection and analysis for security professionals. Learn about its sophisticated tactics and impacts.
Keyboard Input Injection vulnerability in Air Keyboard iOS App Still Unpatched
https://www.mobile-hacker.com/2025/07/17/remote-input-injection-vulnerability-in-air-keyboard-ios-app-still-unpatched/
Remote Code Execution Discovered in XTool AnyScan App: Risks to Phones and Vehicles
https://www.nowsecure.com/blog/2025/07/16/remote-code-execution-discovered-in-xtool-anyscan-app-risks-to-phones-and-vehicles/
Nowsecure
Learn how NowSecure has identified an app whose developers violated security guidelines, bypassing recommended procedures exposing systems to remote control.