Top Tweets for #mobile_security
#tools
#NetSec
#AppSec
#Mobile_security
"mitmproxy for fun and profit: Interception and Analysis of Application Traffic", Mar. 2026.
https://t.co/rw34IeQ0Yd
// A solid understanding of the protocols used by applications is a necessary prerequisite when assessing application security. In recent projects, we have had to intercept various types of network traffic across different platforms, including Linux, Android, and iOS. The purpose of this article is to introduce the mitmproxy tool and how to use it, as well as the different techniques that can be implemented to effectively intercept these communications, while taking into account the specific characteristics of each environment
#Kernel_Security
#Mobile_security
A 0-click exploit chain for the Pixel 9:
Part 1 - Decoding Dolby https://t.co/CTyOel2n3k
Part 2 - Cracking the Sandbox with a Big Wave https://t.co/w3XXXAx09n
Part 3 - Where do we go from here? https://t.co/nMFRevTJKA
// CVE-2025-36934, CVE-2025-54957.
The Dolby UDC is part of the 0-click attack surface of most Android devices because of audio transcription in the Google Messages application. Incoming audio messages are transcribed before a user interacts with the message..
#Kernel_Security
#Mobile_security
Dangling pointers, fragile memory - from an undisclosed vulnerability to Pixel 9 Pro privilege escalation
https://t.co/79R9JXWZ6K
// CVE-2025-6349: All versions from r53p0-r54p1
CVE-2025-8045: All versions from r53p0-r54p1
CVE-2025-2879: All versions from r29p0-r49p4, r50p0-r54p0
#exploit
#Kernel_Security
#Mobile_security
CVE-2025-38352:
Part 1 - https://t.co/KfFX8BK8mt In-the-wild Android Kernel Vulnerability Analysis + PoC https://t.co/CMIMYDOdDM
Part 2 - https://t.co/lxGuNMaCiZ Extending The Race Window Without a Kernel Patch
]-> Final PoC https://t.co/J3YLr4Rz6f
// This is a PoC for CVE-2025-38352, a vulnerability in the Linux kernel's POSIX CPU timers implementation. The September 2025 Android Bulletin mentions that this vulnerability has been used in limited, targeted exploitation in the wild
#tools
#Mobile_Security
"Breaking The Harmony: Offensive Testing Of HarmonyOS NEXT Applications With Harm0nyz3r & DVHA", Black Hat Europe 2025.
]-> Harmony OS Next Analysis Tool - https://t.co/LiJlhjXjli
]-> Damn Vulnerable Harmony Application - https://t.co/X0IvMCBWHz
// This talk presents the results of a security assessment of HarmonyOS NEXT and its application ecosystem, combining a custom-built testing framework (Harm0nyz3r) with a purposely vulnerable application (Damn Vulnerable HarmonyOS Application - DVHA). Live demonstrations will show how Harm0nyz3r maps an application's attack surface, crafts malicious payloads, and successfully exploits vulnerabilities in DVHA..
#SCA
#AppSec
#Mobile_Security
"Pixnapping Attack: Bringing Pixel Stealing out of the Stone Age", ACM Security 2025.
]-> https://t.co/nZoVYimXer
]-> Technical architecture of the vulnerability - https://t.co/9iqg0qA5UZ
// CVE-2025-48561;
Affected: Android 13-16, Google Pixel 6, 7, 8, 9, Samsung Galaxy S25
#tools
#Mobile_Security
"A Comprehensive Study on Static Application Security Testing (SAST) Tools for Android", 2024.
]-> A Unified Platform for Evaluating SAST Tools for Android - https://t.co/zrx9HYmHTj
// We propose a unified platform named VulsTotal, supporting various vulnerability types, enabling comprehensive and versatile analysis across diverse SAST tools. We also redefine and implement a standardized reporting format, ensuring uniformity in presenting results across all tools. Additionally, to mitigate the problem of benchmarks, we conducted a manual analysis of huge amounts of CVEs to construct a new CVE-based benchmark
#Fuzzing
#Kernel_Security
#Mobile_Security
Android Binder Fuzzing
https://t.co/Uz350LFJ7j
]-> fuzzer source code - https://t.co/HWdaCDwWLs
]-> example test case - https://t.co/HfOsjNWmO3
]-> Reproducing CVE-2023-20938 - https://t.co/Cm45DcYymk
]-> libdevbinder (Linux/Android on x86_64 / arm64) - https://t.co/jPQNXjZc50
// This post provides a practical guide to fuzzing the Binder kernel driver using the Linux Kernel Library
#Fuzzing
#Mobile_Security
"NASS: Fuzzing All Native Android System Services with Interface Awareness and Coverage", 2025.
]-> https://t.co/LUEihiDDha
// Compromised or malicious apps remain a primary security concern for Android. As Android tightens its app sandbox and further reduces the kernel's attack surface, native Android system services emerge as a promising target for privilege escalation. We implement NASS for Android's Binder RPC framework. NASS outperforms prior work regarding interface extraction, target exploration and bug finding capabilities, even without access to source code
#Mobile_Security
#Hardware_Security
Black Hat USA 2025:
"Breaking Chains: Hacking Android Key Attestation"
]-> Android key attestation library
https://t.co/wM5Kg0I3iD
// This presentation will take attendees on a deep dive into the Android Keystore, Android key attestation, and a litany of PKI vulnerabilities we discovered in an Android key attestation implementation, which includes the discovery of a systemic issue in Google's open source library for parsing Android key attestation X.509 certificate chains
#reversing
#IoT_Security
#WLAN_Security
#Mobile_Security
"WatchWitch: Interoperability, Privacy, and Autonomy for the Apple Watch", 2025.
]-> A set of scripts and tools for investigating and debugging Apple Watch communication - https://t.co/F6Qi8dJzf5
]-> Android Interoperability for the Apple Watch - https://t.co/9Ro2SW4NWV
// "WatchWitch" - is the first custom Android solution that enables Apple Watch interoperability, exposes security vulnerabilities, and promotes user privacy
#tools
#CogSec
#Mobile_Security
"Hijacking JARVIS: Benchmarking Mobile GUI Agents against Unprivileged Third Parties", 2025.
]-> Code & Data - https://t.co/XnHGXbX6wd
]-> Hijacking Tool - https://t.co/sM2Tzc5FAa
// .. all examined agents are significantly influenced by misleading third-party content and that their vulnerabilities are closely linked to the employed perception modalities and backbone LLMs ..
दूरसंचार विभाग, भारत सरकार द्वारा जनहित में जारी पोर्टल।
इसके द्वारा आप अपने नाम पर जारी सभी सिम की जानकारी, खोये/चोर�� हुए मोबाइल को ट्रैक/ब्लॉक कर सकते हैं।
संदिग्ध कॉल प्राप्त होने पर रिपोर्ट कर सकते हैं।
#SancharSathi
#Mobile_Security
दूरसंचार विभाग, भारत सरकार द्वारा जनहित में जारी पोर्ट��।
इसके द्वारा आप अपने नाम पर जारी सभी सिम की जानकारी, खोये/चोरी हुए मोबाइल को ट्रैक/ब्लॉक कर सकते हैं।
संदिग्ध कॉल प्राप्त होने पर रिपोर्ट कर सकते हैं।
#SancharSathi
#Mobile_Security
#RajasthanPolice
दूरसंचार विभाग, भारत सरकार द्वारा जनहित में जारी पोर्टल।
इसके द्वारा आप अपने नाम पर जारी सभी सिम की जानकारी, खोये/चोरी हुए मोबाइल को ट्रैक/ब्लॉक कर सकते हैं।
संदिग्ध कॉल प्राप्त होने पर रिपोर्ट कर सकते हैं।
#SancharSathi
#Mobile_Security
दूरसंचार विभाग, भारत सरकार द्वारा जनहित में जारी पोर्टल।
इसके द्वारा आप अपने नाम पर जारी सभी सिम की जानकारी, खोये/चोरी हुए मोबाइल को ट्रैक/ब्लॉक कर सकते हैं।
संदिग्ध कॉल प्राप्त होने पर रिपोर्ट कर सकते हैं।
#SancharSathi
#Mobile_Security
#RajasthanPolice
#Udaipurpolice
दूरसंचार विभाग, भारत सरकार द्वारा जनहित में जारी पोर्टल।
इसके द्वारा आप अपने नाम पर जारी सभी सिम की जानकारी, खोये/चोरी हुए मोबाइल को ट्रैक/ब्लॉक कर सकते हैं।
संदिग्ध कॉल प्राप्त होने पर रिपोर्ट कर सकते हैं।
#SancharSathi
#Mobile_Security
#RajasthanPolice
दूरसंचार विभाग, भारत सरकार द्वारा जनहित में जारी ।
आप अपने नाम पर जारी सभी सिम की जानकारी, खोये/चोरी हुए मोबाइल को ट्रैक/ब्लॉक कर सकते हैं।
संदिग्ध कॉल प्राप्त होने पर रिपोर्ट कर सकते हैं।
#Mobile_Security
@PoliceRajasthan @sancharsathi
दूरसंचार विभाग, भारत सरकार द्वारा जनहित में जारी पोर्टल।
➡️इसके द्वारा आप अपने नाम पर जारी सभी सिम की जानकारी, खोये/चोरी हुए मोबाइल को ट्रैक/ब्लॉक कर सकते हैं।
➡️संदिग्ध कॉल प्राप्त होने पर रिपोर्ट कर सकते हैं।
#SancharSathi
#Mobile_Security
@PoliceRajasthan @RajCMO
दूरसंचार विभाग, भारत सरकार द्वारा जनहित में जारी पोर्टल।
इसके द्वारा आप अपने नाम पर जारी सभी सिम की जानकारी, खोये/चोरी हुए मोबाइल को ट्रैक/ब्लॉक कर सकते हैं।
संदिग्ध कॉल प्राप्त होने ��र रिपोर्ट कर सकते हैं।
#SancharSathi
#Mobile_Security
#RajasthanPolice
#Dausapolice
Last Seen Hashtags on Sotwe
nolimit()*++filter:native_video
Seen from Turkey
dahsyatnya3some
Seen from Indonesia
public
นัดเย็ดฟรี
Seen from Thailand
faslı
Seen from Turkey
对镜
Seen from Singapore
ديوثها
Seen from United Kingdom
creampiepussy
Seen from Malaysia
beurette voile
Seen from France
nolimit(*)** +filter:native_video
Seen from Germany
Most Popular Users
Elon Musk 
@elonmusk
240.5M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.7M followers
Cristiano Ronaldo
@cristiano
110.3M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.6M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.8M followers
KATY PERRY
@katyperry
87.5M followers
Taylor Swift
@taylorswift13
81.3M followers
Lady Gaga
@ladygaga
72.9M followers
Kim Kardashian
@kimkardashian
69.7M followers
Virat Kohli
@imvkohli
69.6M followers
YouTube
@youtube
68.7M followers
Bill Gates
@billgates
63.8M followers
The Ellen Show
@theellenshow
62.5M followers
Neymar Jr
@neymarjr
62.3M followers
CNN
@cnn
61.9M followers
X
@x
60.8M followers
Selena Gomez
@selenagomez
60.6M followers