Android backdoor spies on employees of Russian business
https://forum.drweb.com/index.php?showtopic=339295
Dr.Web forum
Android backdoor spies on employees of Russian businesses - Company news
Android backdoor spies on employees of Russian businesses - posted in Company news: August 12, 2025. Doctor Web reports the spread of the multifunctional backdoor Android.Backdoor.916.origin for Android mobile devices, which…
Gain Control of Rooted Android Devices by Exploiting One Vulnerability in KernelSU
https://zimperium.com/blog/the-rooting-of-all-evil-security-holes-that-could-compromise-your-mobile-device
Zimperium
The Root(ing) Of All Evil: Security Holes That Could Compromise Your Mobile Device
PhantomCard: New NFC-driven Android malware emerging in Brazil
https://www.threatfabric.com/blogs/phantomcard-new-nfc-driven-android-malware-emerging-in-brazil
ThreatFabric
PhantomCard: New NFC-driven Android malware emerging in Brazil 🇧🇷
PhantomCard is a sophisticated Android malware leveraging NFC relaying techniques.
Exposure and Analysis of the ERMAC V3.0 Banking Trojan Full Source Code Leak
https://hunt.io/blog/ermac-v3-banking-trojan-source-code-leak
hunt.io
ERMAC V3.0 Banking Trojan: Full Source Code Leak and Infrastructure Analysis
Hunt.io uncovers the complete ERMAC V3.0 source code, revealing its infrastructure, vulnerabilities, and expanded form injection capabilities.
Reversing Android Apps: Bypassing Detection Like a Pro
https://www.kayssel.com/newsletter/issue-12/
Kayssel
Reversing Android Apps: Bypassing Detection Like a Pro
Techniques to bypass root, Frida, and SSL protections in modern Android apps
Android Malware Promises Energy Subsidy to Steal Financial Data
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/android-malware-promises-energy-subsidy-to-steal-financial-data/
McAfee Blog
Android Malware Promises Energy Subsidy to Steal Financial Data | McAfee Blog
Authored by ZePeng Chen Recently, we identified an active Android phishing campaign targeting Indian users. The attackers impersonate a government
Lazarus Stealer : Android Malware for Russian Bank Credential Theft Through Overlay and SMS Manipulation
https://www.cyfirma.com/research/lazarus-stealer-android-malware-for-russian-bank-credential-theft-through-overlay-and-sms-manipulation/
CYFIRMA
Lazarus Stealer : Android Malware for Russian Bank Credential Theft Through Overlay and SMS Manipulation - CYFIRMA
EXECUTIVE SUMMARY At CYFIRMA, we deliver actionable intelligence on emerging cyber threats impacting both individuals and organizations. This report analyzes...
Step by Step Complete Beginners guide of iOS penetration testing
https://infosecwriteups.com/step-by-step-complete-beginners-guide-of-ios-penetration-testing-17092c0e0dc7
Medium
Step by Step Complete Beginners guide of iOS penetration testing
Greetings fellow hackers, my name is Sandy, Security Analyst and Bug bounty hunter.
Full exploit chain of FiberGateway router via public wifi network
https://r0ny.net/FiberGateway-GR241AG-Full-Exploit-Chain/
r0ny
FiberGateway GR241AG - Full Exploit Chain
During the year of 2023 I’ve identified that it was possible to obtain full control of the FiberGateway GR241AG router (root access), provided by a Portuguese ISP (Meo), via the public wifi network “MEO WiFi”. This wifi network is enabled by default and can…
Samsung S24 Exploit Chain Pwn2Own 2024 Walkthrough
https://medium.com/@happyjester80/samsung-s24-exploit-chain-pwn2own-2024-walkthrough-c7a3da9a7a26
Medium
Samsung S24 Exploit Chain Pwn2Own 2024 Walkthrough
In the name of Allah, the Most Gracious, the Most Merciful
Xiaomi 13 Pro Code Execution via GetApps DOM Cross-Site Scripting (XSS) from Pwn2Own 2023
https://medium.com/@happyjester80/xiaomi-13-pro-code-execution-via-getapps-dom-cross-site-noscripting-xss-6590cf35fb27
Medium
Xiaomi 13 Pro Code Execution via GetApps DOM Cross-Site Scripting (XSS)
In the name of Allah, the Most Gracious, the Most Merciful
Hidden Links: Analyzing Secret Families of VPN Apps
https://www.petsymposium.org/foci/2025/foci-2025-0008.pdf
Android Document Readers and Deception: Tracking the Latest Updates to Anatsa
https://www.zscaler.com/blogs/security-research/android-document-readers-and-deception-tracking-latest-updates-anatsa
Zscaler
Anatsa’s Latest Updates | ThreatLabz
This analysis explores the latest updates to the Anatsa Android malware family.
ELEGANTBOUNCER: Catch iOS 0-click exploits without having the samples.
Features iOS backup forensics & messaging app scanning for iMessage, WhatsApp, Signal, Telegram & Viber attachments.
https://www.msuiche.com/posts/elegantbouncer-when-you-cant-get-the-samples-but-still-need-to-catch-the-threat/
Msuiche
ELEGANTBOUNCER: When You Can't Get the Samples but Still Need to Catch the Threat | Matt Suiche
The story of how ELEGANTBOUNCER was born from the frustration of not having access to in-the-wild exploit samples, and why structural analysis beats signatures for advanced mobile threats
Fake Website Pages Used to Spread SpyNote Android Malware
https://dti.domaintools.com/spynote-malware-part-2/
DomainTools Investigations | DTI
SpyNote Malware Part 2 - DomainTools Investigations | DTI
This report highlights the resurfacing of SpyNote activity by the same actor in a previous DTI report and provides additional information around the recent activity and changes in tactics since the prior report.
Forwarded from The Bug Bounty Hunter
Revealing Hidden iOS Apps: Exploring System Applications on Jailbroken Devices
https://reversethat.app/posts/revealing-hidden-system-ios-apps/
Apps RE
Revealing Hidden iOS Apps: Exploring System Applications on Jailbroken Devices
Apple’s iOS ecosystem is renowned for its sleek user interface and curated app experience, prominently displaying stock apps like Safari, Photos, and Calendar on the Home screen. However, beneath this polished surface lies a treasure trove of internal system…
CADroid: A Cross-combination Attention based Framework for Android Malware Detection
https://www.sciencedirect.com/science/article/abs/pii/S0957417425030623
iOS 18.6.1 0-click RCE POC (CVE-2025-43300)
https://github.com/b1n4r1b01/n-days/blob/main/CVE-2025-43300.md
GitHub
n-days/CVE-2025-43300.md at main · b1n4r1b01/n-days
Contribute to b1n4r1b01/n-days development by creating an account on GitHub.
Hook Version 3: The Banking Trojan with The Most Advanced Capabilities
https://zimperium.com/blog/hook-version-3-the-banking-trojan-with-the-most-advanced-capabilities
Zimperium
Hook Version 3: The Banking Trojan with The Most Advanced Capabilities
Sotap — A lightweight .so library for logging the behavior of JNI libraries
https://github.com/RezaArbabBot/SoTap
GitHub
GitHub - RezaArbabBot/SoTap: sotap is an open source project in line with so(jni) logging. Any use is at your own risk. You can…
sotap is an open source project in line with so(jni) logging. Any use is at your own risk. You can customize the c file then build and get the output - RezaArbabBot/SoTap