PhantomCall unmasked: An Antidot variant disguised as fake Chrome apps in a global banking malware campaign
https://www.ibm.com/think/news/phantomcall-antidot-variant-in-fake-chrome-apps

Strategies for Analyzing Native Code in Android Applications: Combining Ghidra and Symbolic Execution for Code Decryption and Deobfuscation
https://revflash.medium.com/strategies-for-analyzing-native-code-in-android-applications-combining-ghidra-and-symbolic-aaef4c9555df

Wanted to spy on my dog, ended up spying on TP-Link (TP-Link Tapo app)
https://kennedn.com/blog/posts/tapo/

NFC Card Vulnerability Exploitation Leading to Free Top-Up in KioSoft "Stored Value" Unattended Payment Solution (Mifare) CVE-2025-8699
https://sec-consult.com/vulnerability-lab/advisory/nfc-card-vulnerability-exploitation-leading-to-free-top-up-kiosoft-payment-solution/

Android SlopAds Fraud with Layers of Obfuscation
https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-slopads-covers-fraud-with-layers-of-obfuscation/

Automating Android Component Testing with new APK Inspector tool
-What are exported components?
-Setup and testing APK Inspector
-Improve automation and execute ADB commands interactively
-Run it on Android
-What are Intent Redirection Vulnerabilities?
https://www.mobile-hacker.com/2025/09/18/automating-android-app-component-testing-with-new-apk-inspector/

Trigger for the integer underflow bug in the HID core subsystem (CVE-2025-38494 and CVE-2025-38495) that leaks 64 KB of OOB memory over USB
Still works on Pixels and Ubuntus (but the bug is fixed in stable kernels)
https://github.com/xairy/kernel-exploits/tree/master/CVE-2025-38494

CVE-2025-10184 is permission bypass that affects multiple OnePlus devices running OxygenOS 12–15 (NOT FIXED) with PoC
This vulnerability allows any application installed on the device to read SMS/MMS without permission, user interaction, or consent.
https://www.rapid7.com/blog/post/cve-2025-10184-oneplus-oxygenos-telephony-provider-permission-bypass-not-fixed/

Finding vulnerabilities in the Binder kernel driver through fuzzing
https://androidoffsec.withgoogle.com/posts/binder-fuzzing/

Obtain a root shell on Unisoc unpatched devices (CVE-2025-31710)
https://github.com/Skorpion96/unisoc-su/tree/main?tab=readme-ov-file

Banker Trojan Targeting Indonesian and Vietnamese Android Users
https://dti.domaintools.com/banker-trojan-targeting-indonesian-and-vietnamese-android-users/

Triggered WhatsApp 0-click on iOS/macOS/iPadOS
CVE-2025-55177 arises from missing validation that the [Redacted] message originates from a linked device, enabling specially crafted DNG parsing that triggers CVE-2025-43300.
Analysis of Samsung CVE-2025-21043 is also ongoing
Source: https://x.com/DarkNavyOrg/status/1972260639101034950

Writeup for CVE-2025-24085, an ITW iOS mediaplaybackd vulnerability patched earlier this year
https://github.com/b1n4r1b01/n-days/blob/main/CVE-2025-24085/CVE-2025-24085.md

Exploring Android Accessibility Malware | Droidcon Italy 2024
https://www.youtube.com/watch?v=xCHW8ql3vi0

Analysis of Android DHCSpy operated by the Iranian APT MuddyWater
https://shindan.io/blog/dhcspy-discovering-the-iranian-apt-muddywater

Security Evaluation Of Android Apps In Budget African Mobile Devices
The study examined 1,544 APKs collected from seven African smartphones. The analysis revealed that 145 applications (9%) disclose sensitive data, 249 (16%) expose critical components, and many present additional risks: 226 execute privileged or dangerous commands, 79 interact with SMS messages (read, send, or delete), and 33 perform silent installation operations
https://arxiv.org/pdf/2509.18800

Datzbro: RAT Hiding Behind Senior Travel Scams
https://www.threatfabric.com/blogs/datzbro-rat-hiding-behind-senior-travel-scams

Klopatra: exposing a new Android banking trojan operation with roots in Turkey
https://www.cleafy.com/cleafy-labs/klopatra-exposing-a-new-android-banking-trojan-operation-with-roots-in-turkey

Silent Smishing : The Hidden Abuse of Cellular Router APIs
Cellular router’s API was exploited to send malicious SMS messages containing phishing URLs
https://blog.sekoia.io/silent-smishing-the-hidden-abuse-of-cellular-router-apis/

Phones auto-connecting to "FreeWiFi_Secure" Wi-Fi network leak full IMSI in cleartext during EAP-SIM exchange
Anyone nearby with sniffer could capture it → track users, or correlate identities.
Fixed pushed disabling FreeWiFi_Secure on legacy boxes starting Oct 1, 2025.
https://7h30th3r0n3.fr/the-vulnerability-that-killed-freewifi_secure/

Attacking telecom: security bugs from 2G to 5G, SMS exploits, and SS7 & Diameter protocols
[presentation] https://www.youtube.com/watch?v=364R1SoGGJ4