Patch Diffing CVE-2024-23265: An iOS Kernel Memory Corruption Vulnerability
https://8ksec.io/patch-diffing-ios-kernel/

Android Physical Memory: CVE-2025-21479 Rights Elevation Record
https://dawnslab.jd.com/android_gpu_attack_cve_2025_21479/

ClayRat: A New Android Spyware Targeting Russia
https://zimperium.com/blog/clayrat-a-new-android-spyware-targeting-russia

New Pixnapping Attack allows any Android app without permissions to leak info displayed by other apps exploiting Android APIs and a hardware side channel (CVE-2025-48561)
Pixnapping is not fixed and probably affects all Androids.
PoC: Not available yet.
Video demonstrates stealing 2FA codes from Google Authenticator. It's like taking screenshot. Pixnapping exploits a side channel that allows the malicious app to map the pixels at those coordinates to letters, numbers, or shapes.
Info: https://www.pixnapping.com/

APK Tool GUI: GUI for apktool, signapk, zipalign and baksmali utilities
https://github.com/AndnixSH/APKToolGUI

GhostBat RAT: Inside the Resurgence of RTO-Themed Android Malware
https://cyble.com/blog/ghostbat-rat-inside-the-resurgence-of-rto-themed-android-malware/

Modern iOS Security Features – A Deep Dive into SPTM, TXM, and Exclaves
https://arxiv.org/pdf/2510.09272

[beginners] Android Intents: operation, security and examples of attacks
https://mobeta-fr.translate.goog/android-intent-hijacking-pentest-mobile/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en

0-click vulnerability in Dolby's DDPlus decoder affected Android (CVE-2025-54957)
A malformed audio file can trigger an out-of-bounds write due to integer overflow in evolution data handling—leading to memory corruption and crashes.
Android decodes audio messages locally, making this exploitable without user interaction.
Reproduction: Just send a crafted RCS voice message (dolby_android_crash.mp4)
Details: https://project-zero.issues.chromium.org/issues/428075495

MCGDroid: An Android Malware Classification Method Based on Multi-Feature Class-Call Graph Characterization
https://www.sciencedirect.com/science/article/abs/pii/S016740482500402X

EnFeSTDroid: Ensembled feature selection techniques based Android malware detection
https://www.sciencedirect.com/science/article/pii/S0045790625007062

A vulnerability in DuckDuckGo’s Android browser allows file exfiltration via malicious intent:// URLs to gain access to a victim’s Sync account data such as account credentials and email protection information (CVE-2025-48464)
https://tuxplorer.com/posts/dont-leave-me-outdated/

Account takeover in Android app via JavaScript bridge
A misconfigured addJavanoscriptInterface + flawed domain validation + javanoscript:// trick enabled full cookie exfiltration via WebView.
Exploit chain: JSB dispatcher → file access handler → bypass via newline injection.
Payload:
Delivered via deeplink.
Executed JSB call to toBase64.
Read Cookies file from app sandbox.
Exfiltrated session data via callback.
https://tuxplorer.com/posts/account-takeover-via-jsb/

Practical Android Pentesting: A Case Study on TikTok RCE

https://dphoeniixx.medium.com/practical-android-pentesting-a-case-study-on-tiktok-rce-4a82e79cc7c6

Patching Android ARM64 library initializers for easy Frida instrumentation and debugging
https://blog.nviso.eu/2025/10/14/patching-android-arm64-library-initializers-for-easy-frida-instrumentation-and-debugging/

HyperRat – A New Android RAT Sold On Cybercrime Networks
https://iverify.io/blog/hyperrat-a-new-android-rat-sold-on-cybercrime-networks

Samsung Galaxy S25 pwned
Yesterday at Pwn2Own Ken Gannon and Dimitrios Valsamaras used five different bugs to exploit the Samsung Galaxy S25 and earn $50,000