Since iOS 10, Apple has released the unpacked/decrypted kernel cache (*.ipsw), but the system source code, in particular the kernel and driver part, remain close-sourced. What is more, symbol info in the binary (kernel cache) has been greatly removed, which…

So here we go, after years of fun messing around using Magisk, it seems that Google FINALLY decided to "fix" SafetyNet to something useful, and that is to use key attestation to verify device status (after 3 years since introduced to Android's platform!)

Trojan-Spy.AndroidOS.Cookiethief turned out to be quite simple. Its main task was to acquire root rights on the victim device, and transfer cookies used by the browser and Facebook app to the cybercriminals’ server.

The other day, our Android traps ensnared an interesting specimen of software that can be used for stalking. On closer inspection, we found that this app outstrips all existing software of its class in terms of functionality.

Are cybercriminals and scammer's taking advantage of increased communication around COVID-19? Discovery shows new surveillanceware exploits the pandemic.

Android is launching new features for Advanced Protection Program users to automatically protect them from malware.

Android SMS Trojan portraying itself as an app to get you Coronavirus Safety Mask.

Pen-testing android apps require different methodologies than web applications. The difference is that you have to figure out by different methods.

MobSF is a tool for testing mobile applications. This article shows how to increase the security of iOS applications by integrating MobSF with Bitrise.

Cerebus is riding the COVID-19 / Coronavirus wave with a branded trojan that targets the financial data on your smartphone. .

Our team is closely monitoring TrickBot's developing capabilities, including its new cross-channel attacks using the TrickMo component.

In March 2020, Google patched a critical vulnerability affecting many MediaTek based devices. This vulnerability had been known by MediaTek since April 2019, and later exploited in the wild! In this post, we give some details about this vulnerability and…

Nuxt.js project

Zoom's privacy policy isn't explicit about the data transfer to Facebook at all.

We discovered a security vulnerability in Apple’s iOS that causes connections to remain unencrypted even after connecting to VPN.

I recently came up against my first split APK during an Android app security assessment. My usual toolkit doesn’t support split APKs, so I hacked together a solution to allow me to instrument…

Posted by Michael Hazard As part of the Android 11 developer preview we’ve released Android 11 system images , which are capable of ex...