DroidLock Hijacks Your Device
https://zimperium.com/blog/total-takeover-droidlock-hijacks-your-device
Zimperium
Total Takeover: DroidLock Hijacks Your Device
Google Project Zero breaks down a 0-click Android exploit that hijacked Samsung phones via a malicious DNG image—originally flagged by Unit 42.
Patched in April 2025 (CVE-2025-21042)
https://googleprojectzero.blogspot.com/2025/12/a-look-at-android-itw-dng-exploit.html
Blogspot
A look at an Android ITW DNG exploit
Posted by Benoît Sevens, Google Threat Intelligence Group Introduction Between July 2024 and February 2025, 6 suspicious image files were ...
Security flaws in Freedom Chat app exposed users' phone numbers and PINs
https://ericdaigle.ca/posts/super-secure-maga-messaging-app-leaks-everyones-phone-number/
ipsw: command-line framework for analyzing Apple firmware and interacting with iOS devices
https://github.com/blacktop/ipsw
GitHub
GitHub - blacktop/ipsw: iOS/macOS Research Swiss Army Knife
Frogblight: New Android banker targets Turkish users
https://securelist.com/frogblight-banker/118440/
Securelist
Frogblight banking Trojan targets Android users in Turkey
Kaspersky researchers have discovered a new Android banking Trojan targeting Turkish users and posing as an app for accessing court case files via an official government webpage. The malware is being actively developed and may become MaaS in the future.
Cellik - A New Android RAT With Play Store Integration
https://iverify.io/blog/meet-cellik---a-new-android-rat-with-play-store-integration
iverify.io
Meet Cellik - A New Android RAT With Play Store Integration
Discover how Cellik Android RAT enables full device surveillance with live screen access, keylogging, app injection, and Play Store APK wrapping.
Kimwolf Botnet Hacked 1.8 Million Android TVs, Launched DDoS Attacks, Proxy
https://blog.xlab.qianxin.com/kimwolf-botnet-en/
奇安信 X 实验室
Kimwolf Exposed: The Massive Android Botnet with 1.8 Million Infected Devices
Background
On October 24, 2025, a trusted partner in the security community provided us with a brand-new botnet sample. The most distinctive feature of this sample was its C2 domain, 14emeliaterracewestroxburyma02132[.]su, which at the time ranked 2nd in…
Kimsuky Distributing Malicious Mobile App via QR Code
https://www.enki.co.kr/en/media-center/blog/kimsuky-distributing-malicious-mobile-app-via-qr-code
www.enki.co.kr
Kimsuky Distributing Malicious Mobile App via QR Code | Enki White Hat
Analysis of CVE-2025-31200, a zero-day, zero-click RCE in iOS. Triggered by a malicious audio file via iMessage/SMS. Exploitation bypassed Blastdoor, enabled kernel escalation (CVE-2025-31201), and allowed token theft until patched in iOS 18.4.1 (Apr 16, 2025)
https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201
GitHub
GitHub - JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201: CVE-2025-31200 is a zero-day, zero-click RCE in iOS CoreAudio’s…
CVE-2025-31200 is a zero-day, zero-click RCE in iOS CoreAudio’s AudioConverterService, triggered by a malicious audio file via iMessage/SMS. Exploitation bypassed Blastdoor, enabled kernel escalati...
CVE-2025-38352 - In-the-wild Android Kernel Vulnerability Analysis + PoC
https://faith2dxy.xyz/2025-12-22/cve_2025_38352_analysis/
PoC: https://github.com/farazsth98/poc-CVE-2025-38352
faith2dxy.xyz
CVE-2025-38352 was a race condition use-after-free vulnerability in the Linux kernel's POSIX CPU timers implementation that was reported to have been under…
A New Stage in the Evolution of Android SMS Stealers in Uzbekistan
https://www.group-ib.com/blog/mobile-malware-uzbekistan/
Group-IB
Choose Your Fighter: A New Stage in the Evolution of Android SMS Stealers in Uzbekistan
Group-IB analyzes the evolution of Android malware in Uzbekistan, revealing advanced droppers, encrypted payload delivery, anti-analysis techniques, and Wonderland’s bidirectional SMS-stealing capabilities driving large-scale financial fraud.