Exploring Android Accessibility Malware | Droidcon Italy 2024
https://www.youtube.com/watch?v=xCHW8ql3vi0

Analysis of Android DHCSpy operated by the Iranian APT MuddyWater
https://shindan.io/blog/dhcspy-discovering-the-iranian-apt-muddywater

Security Evaluation Of Android Apps In Budget African Mobile Devices
The study examined 1,544 APKs collected from seven African smartphones. The analysis revealed that 145 applications (9%) disclose sensitive data, 249 (16%) expose critical components, and many present additional risks: 226 execute privileged or dangerous commands, 79 interact with SMS messages (read, send, or delete), and 33 perform silent installation operations
https://arxiv.org/pdf/2509.18800

Datzbro: RAT Hiding Behind Senior Travel Scams
https://www.threatfabric.com/blogs/datzbro-rat-hiding-behind-senior-travel-scams

Klopatra: exposing a new Android banking trojan operation with roots in Turkey
https://www.cleafy.com/cleafy-labs/klopatra-exposing-a-new-android-banking-trojan-operation-with-roots-in-turkey

Silent Smishing : The Hidden Abuse of Cellular Router APIs
Cellular router’s API was exploited to send malicious SMS messages containing phishing URLs
https://blog.sekoia.io/silent-smishing-the-hidden-abuse-of-cellular-router-apis/

Phones auto-connecting to "FreeWiFi_Secure" Wi-Fi network leak full IMSI in cleartext during EAP-SIM exchange
Anyone nearby with sniffer could capture it → track users, or correlate identities.
Fixed pushed disabling FreeWiFi_Secure on legacy boxes starting Oct 1, 2025.
https://7h30th3r0n3.fr/the-vulnerability-that-killed-freewifi_secure/

Attacking telecom: security bugs from 2G to 5G, SMS exploits, and SS7 & Diameter protocols
[presentation] https://www.youtube.com/watch?v=364R1SoGGJ4

Two spyware strains - ProSpy & ToSpy - masquerade as Signal and ToTok to infect Androids
https://www.welivesecurity.com/en/eset-research/new-spyware-campaigns-target-privacy-conscious-android-users-uae/

iOS Crypto Heist: iMessage Zero-Click RCE Chain (CVE-2025-31200, CVE-2025-31201)
CVE-2025-31200 is a zero-day, zero-click RCE in iOS CoreAudio’s AudioConverterService, triggered by a malicious audio file via iMessage/SMS. Exploitation bypassed Blastdoor, enabled kernel escalation (CVE-2025-31201), and allowed token theft until patched in iOS 18.4.1 (Apr 16, 2025)
Info: https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201
PoC exploit: https://www.dropbox.com/scl/fi/oerpnhq1ui3xfswsszfh2/Audio-clip.amr?rlkey=7n54m1o84poezyipxvd2f9slx&e=3&st=b1tkonvr&dl=0

Exploit for a vulnerability in the Nothing Phone 2a/CMF Phone 1 secure boot chain (and possibly other MediaTek devices)
Info + PoC: https://github.com/R0rt1z2/fenrir

Patch Diffing CVE-2024-23265: An iOS Kernel Memory Corruption Vulnerability
https://8ksec.io/patch-diffing-ios-kernel/

Android Physical Memory: CVE-2025-21479 Rights Elevation Record
https://dawnslab.jd.com/android_gpu_attack_cve_2025_21479/

ClayRat: A New Android Spyware Targeting Russia
https://zimperium.com/blog/clayrat-a-new-android-spyware-targeting-russia

New Pixnapping Attack allows any Android app without permissions to leak info displayed by other apps exploiting Android APIs and a hardware side channel (CVE-2025-48561)
Pixnapping is not fixed and probably affects all Androids.
PoC: Not available yet.
Video demonstrates stealing 2FA codes from Google Authenticator. It's like taking screenshot. Pixnapping exploits a side channel that allows the malicious app to map the pixels at those coordinates to letters, numbers, or shapes.
Info: https://www.pixnapping.com/

APK Tool GUI: GUI for apktool, signapk, zipalign and baksmali utilities
https://github.com/AndnixSH/APKToolGUI

GhostBat RAT: Inside the Resurgence of RTO-Themed Android Malware
https://cyble.com/blog/ghostbat-rat-inside-the-resurgence-of-rto-themed-android-malware/

Modern iOS Security Features – A Deep Dive into SPTM, TXM, and Exclaves
https://arxiv.org/pdf/2510.09272

[beginners] Android Intents: operation, security and examples of attacks
https://mobeta-fr.translate.goog/android-intent-hijacking-pentest-mobile/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en