More results...
Android’s May 2025 security update includes patches for an exploited vulnerability in the FreeType open source rendering engine.
The post Android Update Patches FreeType Vulnerability Exploited as Zero-Day appeared first on SecurityWeek.
Chained exploitation through misconfigured web app and internal services. We started by exploiting a WordPress plugin vulnerability (CVE-2023-26326) to upload files, followed by a file read vulnerability (CVE-2024-2961) for remote code execution. From there, we cracked the database credentials, gained SSH access as the shawking user, and leveraged a vulnerable API endpoint to escalate to root. This highlights how overlooked configurations and service misconfigurations can lead to a full server compromise.
#CTF #PrivilegeEscalation #WebSecurity #CommandInjection #SSH #WordPress #LinuxPentesting #BugBounty #HackTheBox #RedTeam #CyberSecurity
The post HackTheBox – BigBang Machine Walkthrough (Hard Difficulty) appeared first on Threatninja.net.
The mobile threat landscape has shifted. According to Zimperium’s 2025 Global Mobile Threat Report, attackers are now prioritizing mobile devices over desktops. For enterprises, mobile is no longer a secondary risk. It’s now one of the primary at…
Google Play’s app marketplace has seen a dramatic 47% drop in available apps
— from 3.4 million to 1.8 million — since the start of 2024. An analysis by app intelligence provider Appfigures attributes the decline to stricter quality standards, expan…
LG will permanently shut down its Android smartphone update servers on June 30, 2025, ending all software, app, and security updates for its devices. If you’re still using an smartphone, you’ll want to install any remaining updates before that date, as…
Security researchers have exposed critical vulnerabilities in Qualcomm GPU drivers, impacting a vast array of Android devices from brands like Samsung, Honor, Xiaomi, and Vivo. These exploits, centered around the GPU Address Fault (GPUAF) primitive, ta…
An anonymous reader quotes a report from Ars Technica: Russian military personnel are being targeted with recently discovered Android malware that steals their contacts and tracks their location. The malware is hidden inside a modified app for Alpine Q…
A new Android spyware was discovered in a fake Alpine Quest app, reportedly used by Russian soldiers for war zone planning. Doctor Web researchers uncovered a new spyware, tracked as Android.Spy.1292.origin, targeting Russian military personnel. The malicious code was hidden in a trojanized Alpine Quest app and spread via Russian Android catalogs. The malware steals […]
Android phones will soon reboot themselves after sitting idle for three days. iPhones have had this feature for a while; it’s nice to see Google add it to their phones.
‘SuperCard X’ – a new MaaS – targets Androids via NFC relay attacks, enabling fraudulent POS and ATM transactions with stolen card data. Cleafy researchers discovered a new malware-as-a-service (MaaS) called SuperCard X targeting Android devices with NFC relay attacks for fraudulent cash-outs. Attackers promote the MaaS through Telegram channels, analysis shows SuperCard X builds […]