Frida-UI: Interact with Frida devices, processes, and noscripts directly from your browser
https://github.com/adityatelange/frida-ui
https://github.com/adityatelange/frida-ui
GitHub
GitHub - adityatelange/frida-ui: Interact with Frida devices, processes, and noscripts directly from your browser.
Interact with Frida devices, processes, and noscripts directly from your browser. - adityatelange/frida-ui
👌12👍1
This media is not supported in your browser
VIEW IN TELEGRAM
One-click Telegram IP address leak
https://www.bleepingcomputer.com/news/security/hidden-telegram-proxy-links-can-reveal-your-ip-address-in-one-click/
Video by @0x6rss
https://www.bleepingcomputer.com/news/security/hidden-telegram-proxy-links-can-reveal-your-ip-address-in-one-click/
Video by @0x6rss
❤18🎃3😁2👍1
Play Integrity API: How It Works & How to Bypass It
https://m4kr0.vercel.app/posts/play-integrity-api-how-it-works--how-to-bypass-it/
https://m4kr0.vercel.app/posts/play-integrity-api-how-it-works--how-to-bypass-it/
M4KR0 Blog
Play Integrity API: How It Works & How to Bypass It - M4KR0 Blog
What's Play Interity API and how to bypass it
❤17⚡4👍3😴2👏1
Flutter SSL Bypass: How to Intercept HTTPS Traffic When all other Frida Scripts Fail
https://m4kr0.vercel.app/posts/flutter-ssl-bypass-how-to-intercept-https-traffic-when-all-other-frida-noscripts-fail/
https://m4kr0.vercel.app/posts/flutter-ssl-bypass-how-to-intercept-https-traffic-when-all-other-frida-noscripts-fail/
M4KR0 Blog
Flutter SSL Bypass: How to Intercept HTTPS Traffic When all other Frida Scripts Fail - M4KR0 Blog
my journey in intercepting HTTPS traffic from a APK based on Flutter
❤19🔥5👍3
deVixor: An Evolving Android Banking RAT with Ransomware Capabilities Targeting Iran
https://cyble.com/blog/devixor-an-evolving-android-banking-rat-with-ransomware-capabilities-targeting-iran/
https://cyble.com/blog/devixor-an-evolving-android-banking-rat-with-ransomware-capabilities-targeting-iran/
Cyble
DeVixor Android Banking RAT Targeting Iran
Cyble analyzed deVixor, an advanced Android banking RAT with ransomware features actively targeting Iranian users.
❤15👍4🤬3😁2🎃2
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
https://projectzero.google/2026/01/pixel-0-click-part-1.html
https://projectzero.google/2026/01/pixel-0-click-part-1.html
projectzero.google
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby - Project Zero
Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One ef...
🔥14❤2👍1🎃1
A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
https://projectzero.google/2026/01/pixel-0-click-part-2.html
https://projectzero.google/2026/01/pixel-0-click-part-2.html
projectzero.google
A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave - Project Zero
With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the res...
👏10🎃2👍1
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
https://projectzero.google/2026/01/pixel-0-click-part-3.html
https://projectzero.google/2026/01/pixel-0-click-part-3.html
projectzero.google
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here? - Project Zero
While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our e...
👏15🎃5❤1👍1🤔1
WhisperPair: Hijacking Bluetooth Accessories
Using Google Fast Pair.
You can also check if your device is vulnerable
https://whisperpair.eu/
Using Google Fast Pair.
You can also check if your device is vulnerable
https://whisperpair.eu/
whisperpair.eu
WhisperPair: Hijacking Bluetooth Accessories Using Google Fast Pair
WhisperPair is a family of practical attacks leveraging a flaw in the Google Fast Pair implementation on flagship audio accessories.
❤11🎃5👏3👍2
WPair: app for testing Bluetooth WhisperPair vulnerability in Google's Fast Pair protocol (CVE-2025-36911) https://github.com/zalexdev/wpair-app
GitHub
GitHub - zalexdev/wpair-app: WPair is a defensive security research tool that demonstrates the CVE-2025-36911 (eg WhisperPair)…
WPair is a defensive security research tool that demonstrates the CVE-2025-36911 (eg WhisperPair) vulnerability in Google's Fast Pair protocol. This vulnerability affects millions of Blueto...
🔥15❤7👏5👍3🤯2🎃2💋1
Frida-based tool to dump decrypted iOS apps as .ipa from a jailbroken device supports App Store, sideloaded and system
https://github.com/lautarovculic/frida-ipa-extract
https://github.com/lautarovculic/frida-ipa-extract
GitHub
GitHub - lautarovculic/frida-ipa-extract: Robust Frida-based tool to dump decrypted iOS apps as .ipa from a jailbroken device supports…
Robust Frida-based tool to dump decrypted iOS apps as .ipa from a jailbroken device supports App Store, sideloaded and system. - lautarovculic/frida-ipa-extract
👍16❤7🎃3🤣1
Analysis of CVE-2025-43529 (WebKit UAF) + CVE-2025-14174 (ANGLE OOB) exploit chain - iOS Safari
https://github.com/zeroxjf/WebKit-UAF-ANGLE-OOB-Analysis
https://github.com/zeroxjf/WebKit-UAF-ANGLE-OOB-Analysis
👍9❤4🎃1
Firebase APK Security Scanner
Scan Android APKs for Firebase security misconfigurations including open databases, exposed storage buckets, and authentication bypasses
https://github.com/trailofbits/skills/tree/main/plugins/firebase-apk-scanner
Scan Android APKs for Firebase security misconfigurations including open databases, exposed storage buckets, and authentication bypasses
https://github.com/trailofbits/skills/tree/main/plugins/firebase-apk-scanner
GitHub
skills/plugins/firebase-apk-scanner at main · trailofbits/skills
Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows - trailofbits/skills
❤17🎃3👍2
Android.Phantom trojans are bundled with modded games and popular apps to infiltrate smartphones. They use machine learning and video broadcasts to engage in click fraud
https://news.drweb.com/show/?i=15110&lng=en
https://news.drweb.com/show/?i=15110&lng=en
Dr.Web
Android.Phantom trojans are bundled with modded games and popular apps to infiltrate smartphones. They use machine learning and…
Experts at the Doctor Web antivirus laboratory have discovered and investigated a new trojan clicker malware family. All of these trojans either are administered via the <span class="string">hxxps[:]//dllpgd[.]click</span> server or get downloaded and launched…
❤15🎃4👍3
Samsung S23 Ultra: The Ultimate NetHunter Setup(Android 14 Fix)
https://medium.com/@JanCSG/samsung-s23-ultra-the-ultimate-nethunter-setup-31c1105201d9
https://medium.com/@JanCSG/samsung-s23-ultra-the-ultimate-nethunter-setup-31c1105201d9
Medium
Samsung S23 Ultra: The Ultimate NetHunter Setup(Android 14 Fix)
I’ve spent the last couple of days trying to turn my S23 Ultra into the ultimate mobile hacking machine.
❤21🤡8👍7🗿3🥰1🎃1
A Frida-based utility for dynamically extracting native (.so) libraries from Android applications
https://github.com/TheQmaks/soSaver
https://github.com/TheQmaks/soSaver
GitHub
GitHub - TheQmaks/soSaver: A Frida-based utility for dynamically extracting native (.so) libraries from Android applications.
A Frida-based utility for dynamically extracting native (.so) libraries from Android applications. - TheQmaks/soSaver
❤17👍4🔥2
Android and authentication: The Evolution of FIDO Experiences on Android
https://bughunters.google.com/blog/fido
https://bughunters.google.com/blog/fido
👍13❤1
Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation
https://www.welivesecurity.com/en/eset-research/love-actually-fake-dating-app-used-lure-targeted-spyware-campaign-pakistan/
https://www.welivesecurity.com/en/eset-research/love-actually-fake-dating-app-used-lure-targeted-spyware-campaign-pakistan/
Welivesecurity
Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan
ESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation.
👍12❤3
NFCShare (SuperCard X) Android Trojan: NFC card data theft via malicious APK
https://www.d3lab.net/nfcshare-android-trojan-nfc-card-data-theft-via-malicious-apk/
https://www.d3lab.net/nfcshare-android-trojan-nfc-card-data-theft-via-malicious-apk/
D3Lab
NFCShare Android Trojan: NFC card data theft via malicious APK
An Android trojan distributed via a Deutsche Bank phishing campaign pretends to be “Support Nexi,” prompts victims to tap their payment card and enter the PIN, then exfiltrates NFC data over a WebSocket. We attribute this cluster as NFCShare and provide technical…
👍11❤3
Disrupting the World's Largest Residential Proxy Network
https://cloud.google.com/blog/topics/threat-intelligence/disrupting-largest-residential-proxy-network
https://cloud.google.com/blog/topics/threat-intelligence/disrupting-largest-residential-proxy-network
Google Cloud Blog
No Place Like Home Network: Disrupting the World's Largest Residential Proxy Network | Google Cloud Blog
IPIDEA’s proxy infrastructure is a component of the digital ecosystem leveraged by a wide array of bad actors.
👍14
The Rise of Android Arsink Rat
https://zimperium.com/blog/the-rise-of-arsink-rat
https://zimperium.com/blog/the-rise-of-arsink-rat
Zimperium
The Rise of Arsink Rat
true
👏12👍2