Remote Code Execution Discovered in XTool AnyScan App: Risks to Phones and Vehicles
https://www.nowsecure.com/blog/2025/07/16/remote-code-execution-discovered-in-xtool-anyscan-app-risks-to-phones-and-vehicles/
https://www.nowsecure.com/blog/2025/07/16/remote-code-execution-discovered-in-xtool-anyscan-app-risks-to-phones-and-vehicles/
Nowsecure
Remote Code Execution Discovered in XTool AnyScan App: Risks to Phones and Vehicles - NowSecure
Learn how NowSecure has identified an app whose developers violated security guidelines, bypassing recommended procedures exposing systems to remote control.
❤6🌚1😴1
This media is not supported in your browser
VIEW IN TELEGRAM
Sending bitcoin over Bluetooth between Bitchat Android and iPhone. Both have a native cashu ecash wallet built in.
The ecash travels directly from phone to phone. the sender needs no internet. It is instant and untraceable digital cash.
The ecash travels directly from phone to phone. the sender needs no internet. It is instant and untraceable digital cash.
👍34👏12🤨7❤4🔥3😁3⚡1🥰1🤔1🌚1
How To Turn Old Android Smartphone into Travel Router With NAS
https://www.mobile-hacker.com/2025/07/21/how-to-turn-old-android-smartphone-into-travel-router-with-nas/
https://www.mobile-hacker.com/2025/07/21/how-to-turn-old-android-smartphone-into-travel-router-with-nas/
Mobile Hacker
How To Turn Old Android Smartphone into Travel Router With NAS Mobile Hacker
It’s not perfect, but it works—a clever DIY project that blends portability, privacy, and practicality.
🌚10❤6👍2
Android Misconfiguration Leading to Task Hijacking in Caller ID app with 10M+ installs (CVE-2025-7889) + demo
https://github.com/KMov-g/androidapps/blob/main/caller.id.phone.number.block.md
https://github.com/KMov-g/androidapps/blob/main/caller.id.phone.number.block.md
GitHub
androidapps/caller.id.phone.number.block.md at main · KMov-g/androidapps
Contribute to KMov-g/androidapps development by creating an account on GitHub.
🌚10❤7
Lookout Discovers Massistant Chinese Mobile Forensic Tooling
https://www.lookout.com/threat-intelligence/article/massistant-chinese-mobile-forensics
https://www.lookout.com/threat-intelligence/article/massistant-chinese-mobile-forensics
Lookout
Lookout Discovers Massistant Chinese Mobile Forensic Tooling | Threat Intel
Massistant is a mobile forensics application used by law enforcement in China to collect extensive information from mobile devices.
🌚6❤1
Unmasking Malicious APKs: Android Malware Blending Click Fraud and Credential Theft
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/unmasking-malicious-apks-android-malware-blending-click-fraud-and-credential-theft/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/unmasking-malicious-apks-android-malware-blending-click-fraud-and-credential-theft/
Trustwave
Unmasking Malicious APKs: Android Malware Blending Click Fraud and Credential Theft
Malicious APKs (Android Package Kit files) continue to serve as one of the most persistent and adaptable delivery mechanisms in mobile threat campaigns.
🌚6
Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict
https://www.lookout.com/threat-intelligence/article/lookout-discovers-iranian-dchsy-surveillanceware
https://www.lookout.com/threat-intelligence/article/lookout-discovers-iranian-dchsy-surveillanceware
Lookout
Lookout Discovers MuddyWater Leveraging DCHSpy For Israel-Iran Conflict | Threat Intel
Lookout discovered four new samples of DCHSpy one week after the start of the Israel-Iran conflict. It is likely developed and maintained by MuddyWater, part of Iran's MOIS
🌚11❤4
Deobfuscating Android Apps with Androidmeda LLM: A Smarter Way to Read Obfuscated Code
✅As a bonus, example of deobfuscating Crocodilus Malware
https://www.mobile-hacker.com/2025/07/22/deobfuscating-android-apps-with-androidmeda-a-smarter-way-to-read-obfuscated-code/
✅As a bonus, example of deobfuscating Crocodilus Malware
https://www.mobile-hacker.com/2025/07/22/deobfuscating-android-apps-with-androidmeda-a-smarter-way-to-read-obfuscated-code/
❤15👍5😁3🌚1
Insecure authentication due to missing brute-force protection and runtime manipulation in Two App Studio Journey v5.5.9 for iOS (CVE-2025-41459)
Journey is a journaling app for iOS that stores personal entries and media
https://cirosec.de/en/news/vulnerability-in-two-app-studio-journey/
Journey is a journaling app for iOS that stores personal entries and media
https://cirosec.de/en/news/vulnerability-in-two-app-studio-journey/
cirosec
Vulnerability in Two App Studio Journey (CVE-2025-41459) - cirosec
July 21, 2025 - Journey is a journaling app for iOS that stores personal entries and media.
🌚7❤4
The Dark Side of Romance: SarangTrap Extortion Campaign
https://zimperium.com/blog/the-dark-side-of-romance-sarangtrap-extortion-campaign
https://zimperium.com/blog/the-dark-side-of-romance-sarangtrap-extortion-campaign
Zimperium
The Dark Side of Romance: SarangTrap Extortion Campaign
true
👏9🌚3
🚨 Meet Guardio - a powerful online protection tool that keeps you safe while you browse, shop, and live your digital life.
✅ Blocks scam sites, phishing & malicious pop-ups
✅ Alerts you instantly if your personal info or SSN is leaked
✅ Protects your identity, accounts & mobile in real-time
🎁 Try it FREE for 7 days – plus get up to 72% discount! Give it a try now
✅ Blocks scam sites, phishing & malicious pop-ups
✅ Alerts you instantly if your personal info or SSN is leaked
✅ Protects your identity, accounts & mobile in real-time
🎁 Try it FREE for 7 days – plus get up to 72% discount! Give it a try now
👎25🤡10❤3💩3👍2🎉1🌚1
Debugging the Pixel 8 kernel via KGDB
How to use GDB over a serial connection for debugging the kernel on a Pixel 8
https://xairy.io/articles/pixel-kgdb
How to use GDB over a serial connection for debugging the kernel on a Pixel 8
https://xairy.io/articles/pixel-kgdb
❤17👍3🔥2🌚1
RedHook: A New Android Banking Trojan Targeting Users in Vietnam
https://cyble.com/blog/redhook-new-android-banking-targeting-in-vietnam/
https://cyble.com/blog/redhook-new-android-banking-targeting-in-vietnam/
Cyble
RedHook: A New Android Banking Trojan Targeting Users In Vietnam
RedHook is a new Android banking trojan targeting Vietnamese users via phishing sites posing as trusted financial and government institutions.
🌚8❤1
ToxicPanda: The Android Banking Trojan Targeting Europe
https://www.bitsight.com/blog/toxicpanda-android-banking-malware-2025-study
https://www.bitsight.com/blog/toxicpanda-android-banking-malware-2025-study
Bitsight
ToxicPanda Malware in 2025 | Bitsight TRACE Threat Research
What is ToxicPanda? Bitsight Trace dives into detail on the banking malware, from impact breadth, delivery, technical analysis, and more. Learn more now.
👍14🤩3
Meet Guardio - a powerful online protection tool that keeps you safe while you browse, shop, and live your digital life.
✅ Blocks scam sites, phishing & malicious pop-ups
✅ Alerts you instantly if your personal info or SSN is leaked
✅ Protects your identity, accounts & mobile in real-time
🎁 Try it for free for 7 days, no strings attached!
✅ Blocks scam sites, phishing & malicious pop-ups
✅ Alerts you instantly if your personal info or SSN is leaked
✅ Protects your identity, accounts & mobile in real-time
🎁 Try it for free for 7 days, no strings attached!
🌚6🤮4🤡4👎2
PlayPraetor's evolving threat: How Chinese-speaking actors globally scale an Android RAT
https://www.cleafy.com/cleafy-labs/playpraetors-evolving-threat-how-chinese-speaking-actors-globally-scale-an-android-rat
https://www.cleafy.com/cleafy-labs/playpraetors-evolving-threat-how-chinese-speaking-actors-globally-scale-an-android-rat
Cleafy
PlayPraetor's evolving threat: How Chinese-speaking actors globally scale an Android RAT | Cleafy
The Cleafy Threat Intelligence Team has uncovered a large-scale Malware-as-a-Service (MaaS) operation orchestrated by Chinese-speaking Threat Actors. The operation has globally infected over 11,000 Android devices by deploying the PlayPraetor Remote Access…
❤11🌚6🤔1
Behind Random Words: DoubleTrouble Mobile Banking Trojan Revealed
https://zimperium.com/blog/behind-random-words-doubletrouble-mobile-banking-trojan-revealed
https://zimperium.com/blog/behind-random-words-doubletrouble-mobile-banking-trojan-revealed
Zimperium
Behind Random Words: DoubleTrouble Mobile Banking Trojan Revealed
true
❤13🌚1
Android Malware Targets Indian Banking Users to Steal Financial Info and Mine Crypto
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/android-malware-targets-indian-banking-users-to-steal-financial-info-and-mine-crypto/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/android-malware-targets-indian-banking-users-to-steal-financial-info-and-mine-crypto/
McAfee Blog
Android Malware Targets Indian Banking Users to Steal Financial Info and Mine Crypto | McAfee Blog
Authored by Dexter Shin McAfee’s Mobile Research Team discovered a new Android malware campaign targeting Hindi-speaking users, mainly in India. The
❤11🌚2👾2👍1😁1
Guardio’s like your digital bodyguard - blocking scams, leaks, and shady stuff before it hits.
Think you’re safe online? Let’s put it to the test.
👉 Take our quick Security Quiz and see how protected you really are.
🚫 Bye-bye scam sites & phishing traps
🔔 Instant alerts if your info gets leaked
📱 Real-time protection for all your devices
🎁 Try Guardio free for 7 days - no strings, just safety.
Think you’re safe online? Let’s put it to the test.
👉 Take our quick Security Quiz and see how protected you really are.
🚫 Bye-bye scam sites & phishing traps
🔔 Instant alerts if your info gets leaked
📱 Real-time protection for all your devices
🎁 Try Guardio free for 7 days - no strings, just safety.
🤡19❤8🌚4💩1
JMS — Mobile Docker, the container image used by JMS in their mobile-security trainings
Info: https://medium.com/@justmobilesec/just-mobile-security-jms-mobile-docker-ba1e6b7f131d
Docker: https://github.com/justmobilesec/just-mobile-security-mobile-docker
Info: https://medium.com/@justmobilesec/just-mobile-security-jms-mobile-docker-ba1e6b7f131d
Docker: https://github.com/justmobilesec/just-mobile-security-mobile-docker
Medium
Just Mobile Security (JMS) Mobile Docker
TL;DR: We’re sharing JMS — Mobile Docker, the container image we use in our mobile-security trainings. It’s based on the OWASP MASTG Tools…
🔥15❤3🌚1
Forwarded from The Bug Bounty Hunter
From Signal to the Android SDK: Chaining Path Traversal, Mimetype Confusion, Security Check Bypass and File Denoscriptor Bruteforce for Arbitrary File Access
https://blog.ostorlab.co/signal-arbitrary-file-read.html
https://blog.ostorlab.co/signal-arbitrary-file-read.html
blog.ostorlab.co
Ostorlab: Mobile App Security Testing for Android and iOS
This technical analysis reveals how sophisticated attack chains—combining path traversal, symbolic link manipulation, and Android SDK quirks—can breach Signal Android's defenses to extract sensitive internal files, despite its legendary encryption remaining…
👍13❤7