What does a kernel MTE panic actually look like on Apple Silicon? We built tooling to find out — and to make it KASAN-style useful. Pointer tag, memory tag, tag map. All in the panic output. 👉 binarygecko.com/blog/looking… #AppleSilicon #MTE #KernelSecurity #iOSSecurity

9
19
2,089
📡 Atlantis — Capture iOS & Android HTTP/HTTPS Traffic Without Proxy or Certificates
Built by the Proxyman team for seamless mobile app traffic inspection.
Features:
• Capture HTTP/HTTPS traffic automatically
• WebSocket & WSS interception
• gRPC traffic support
• No proxy setup required
• No SSL certificate installation
• Works with physical devices & simulators
Supports:
• iPhone & iPad
• Apple Watch & Apple TV
• Android apps using OkHttp, Retrofit & Apollo
Powered by:
• Method swizzling for live traffic interception
• Bonjour-based local communication
• Real-time inspection through Proxyman macOS app
Useful for:
• Mobile AppSec testing
• API debugging
• Reverse engineering
• Network traffic analysis
• iOS & Android pentesting
🔗 github.com/ProxymanApp/atlan… #MobileSecurity #iOSSecurity #AndroidSecurity #CyberSecurity #AppSec #ReverseEngineering #Pentesting
1
18
1,130
High-Risk Cyber Threat: ZeroDayRAT – Threat Intelligence Report
The Telegram bot @ZeroDayRAT is actively commercializing an advanced mobile spyware/RAT classified as Malware-as-a-Service (MaaS). Launched on February 2, 2026, the kit enables full surveillance of Android and iOS devices at prices accessible to any malicious actor. Below is the complete, verified analysis. Detailed thread:
1/10 Core Technical Features
ZeroDayRAT is a cross-platform RAT supporting:
• Android 5 through 16
• iOS up to version 26.2 (including iPhone 17 Pro)
The vendor supplies a payload builder and a self-hosted web control panel. Each purchaser hosts their own C2 server, eliminating centralized public IOCs and complicating attribution and tracking.
2/10 Confirmed Operational Capabilities
The control panel provides real-time access to:
• Continuous GPS geolocation and full location history (plotted on Google Maps)
• Keylogger, screen capture, notifications, and SMS (including OTPs, enabling MFA bypass)
• Live camera, microphone, and screen streaming
• Credential harvesting from all major accounts (WhatsApp, Instagram, Telegram, Google, Amazon, etc.)
• Financial modules: crypto-stealer (MetaMask, Trust Wallet, Binance, Coinbase) and bank-stealer (Apple Pay, Google Pay, PayPal, UPI)
3/10 Infection Vectors
Infection occurs primarily through social engineering:
• Smishing via SMS, WhatsApp, or Telegram
• Urgent fake links (“bank update,” “delivery,” “account verification”)
• Fake applications distributed through unofficial app stores
The malware requires only accessibility permissions. Once installed, it operates in a fully stealth mode.
4/10 Commercial Model (MaaS)
Official channel: t.me/ZeroDayRAT
Administrator: @ZeroDayAdmin
Alternative contact: ZeroDayRATofficial@gmail.com
Reported pricing:
• US$ 250 per day
• US$ 1,000 per week
• US$ 3,500 per month
• US$ 2,000 (lifetime license with full builder and panel)
Dedicated channels are maintained for sales, 24/7 support, and updates.
5/10 OSINT Pivot: pungj55-id (GitHub)
The GitHub user “pungj55-id” operated a burner account created exclusively to promote ZeroDayRAT. The repository “iOS-Android-Spyware” contained technical descriptions identical to the bot and direct links to @ZeroDayRAT and @ZeroDayAdmin. The repository has been removed (404), consistent with reactive takedown following February 2026 media coverage. Historical caches preserve the evidence.
6/10 Actor Profile and Attribution
The operator appears to be an independent developer or small commercial group with no identified links to state-sponsored APTs or ransomware operations. The strategy is to democratize advanced espionage tools for stalkers, financial fraudsters, and low-level cybercriminals.
7/10 Strategic Risks
• Significant rise in sophisticated stalkerware targeting individuals, journalists, and activists
• Large-scale financial fraud (cryptocurrencies and banking institutions)
• Corporate espionage via BYOD devices
• Acceleration of the mobile MaaS wave observed throughout 2026
8/10 Mitigation Recommendations
• Avoid clicking links from unknown numbers in SMS, WhatsApp, or Telegram
• Disable installation from unknown sources on Android
• Use app- or hardware-based two-factor authenticators (avoid SMS)
• Deploy Mobile EDR/XDR solutions with behavioral detection
• Strengthen anti-phishing training and zero-trust policies for corporate devices
#CyberSecurity #ThreatIntelligence #ZeroDayRAT #Malware #RAT #MaaS #InfoSec #MobileSecurity #AndroidSecurity #iOSSecurity #CyberThreat
2
27
80
8,807
🚨 CYBERINTEL ALERT: MOBILE INTRUSION FRAMEWORK FOR SALE
⚠️ CRITICAL THREAT: ANNOUNCEMENT OF GLOBAL "ZERO-CLICK" EXPLOIT FOR iOS AND ANDROID
[STATUS: MONITORING ACTIVITY / SPREAD ON THE DARK WEB; UNDER INVESTIGATION]
A threat actor operating under the alias "C2Exploit" has posted on specialized forums offering for sale a platform dubbed "C2 BlackSite." It is described as a mass exploitation and persistence framework designed to remotely compromise—without any user interaction (Zero-Click)—the latest versions of the market's dominant mobile operating systems.
👤 Threat Actor: C2Exploit.
🛠️ Vector Nature: Claims to offer a full exploitation chain: Remote Code Execution (RCE) via browsers → Sandbox Evasion → Kernel-level Privilege Escalation → Persistent Implant.
🌐 Access Channels: Infrastructure marketed exclusively via the Tor network using encrypted .onion links.
📱 Targeted Platforms: iOS (versions 13 through 26.4.2) and all Android architectures.
📊 INVOLVED TECHNICAL CAPABILITIES (TTPs)
The listing details a comprehensive surveillance and data exfiltration suite that replicates the capabilities of military-grade spyware:
Advanced Infection Vectors: Utilization of type confusion techniques within WebKit to achieve RCE. Evasion of PAC (Pointer Authentication Code) protection via dyld. Abuse of GPU processes and privilege escalation via system components such as `mediaplaybackd` or ICMPv6 vulnerabilities within the Kernel.
Encrypted Messaging Data Exfiltration: Capability for direct extraction from the local databases (.sqlite) of secure messaging applications such as WhatsApp, Telegram, Signal, and iMessage.
Real-Time Surveillance and Interception: Direct access to peripherals (front/rear cameras, ambient microphone) and live geolocation tracking. Keystroke logging (Keylogger), screenshots, and credential extraction from the system keychain (Keychain).
Impact on Financial Assets and Crypto-Assets: Specific modules designed for the exfiltration of seed phrases and session tokens from high-profile wallets and financial platforms (MetaMask, Trust Wallet, Binance, Coinbase, among others).
[VECERT ANALYSIS]: The posting of such advertisements on conventional cybercrime forums typically serves a dual purpose: the actual monetization of zero-day exploits (0-Days) or the execution of fraud campaigns (scams) targeting inexperienced buyers within the digital underground—a tactic driven by the high monetary value these exploit chains command in the legitimate vulnerability market. Nevertheless, the technical sophistication described in this arsenal necessitates active monitoring of Indicators of Compromise (IoCs) across corporate networks.
🛡️ DEFENSIVE MEASURES AND ENDPOINT RECOMMENDATIONS
🛑 Activation of High-Security Modes: In high-profile corporate environments or for personnel deemed to be at elevated risk, it is recommended to enable advanced protection features on iOS devices—specifically Lockdown Mode—which severely restricts WebKit functionality and halts the execution of configurations susceptible to zero-click exploits.
🔒 Strict Update Policies: Ensure that all mobile devices with access to institutional data apply operating system security patches immediately upon their release by the manufacturers.
⚠️ Education on Delivery Channels: Restrict or issue warnings regarding the opening of unusual URLs received from unknown senders via commercial messaging platforms (WhatsApp, SMS, Telegram), as these have been identified as the primary distribution channels for this type of malware implant.
⚡ MONITORING AND EVALUATION
🌐 Intelligence System: analyzer.vecert.io
🛡️ Quickly assess your website's security with: monitor.vecert.io/
#CyberSecurity #Spyware #ZeroClick #iOSSecurity #AndroidSecurity #WebKit #KernelExploit #ThreatIntelligence #CiberAlerta #VECERT #Infosec #C2BlackSite
6
49
6,603
These are the secret iPhone security settings most people don't know about. From resetting biometrics to special PIN codes, here are 11 iPhone hacks that will make your mobile device more secure. youtube.com/watch?v=mkbFd3hf… #iphonesecurity #iphonehacks #iOSSecurity
3
426
Coruna iOS Exploit Toolkit (Research Only) iOS 15–17 exploits WebKit chains Tested & partly analyzed ⚠️ Use in isolated lab only 🔗 github.com/khanhduytran0/cor… Dev by @khanhduytran0 #iOSSecurity #ExploitDev
1
4
33
5,152
⚠️ Coruna — Leaked iOS Exploit Toolkit (Research Only)
Contains real iOS exploit chains and payloads
• Covers multiple iOS versions (15 → 17)
• Includes WebKit exploit chains (e.g. cassowary, seedbell)
• Payloads partially deobfuscated and analyzed
• Modified to run locally for research/testing
⚠️ Contains malicious code — use only in isolated lab
Repo: github.com/khanhduytran0/cor… #ExploitDev #iOSSecurity #ReverseEngineering
6
57
5,416
Mobile Security Cheatsheets: Essential Techniques for Testing 📱 A complete overview of mobile security practices covering Android and iOS application testing, forensic analysis, and debugging workflows. #MobileSecurity #AndroidSecurity #iOSSecurity #CyberSecurity #InfoSec
7
27
1,275
📱 From HackerOne Bug Bounty Programs → Decompiled Mobile Assets
Automate your mobile recon pipeline.
• Fetch Android / iOS / Executable assets
• Bulk download with fallback bypass
• One-command decompilation (jadx, dex2jar)
• Clean, structured output for analysis
github.com/0xbartita/h1-asse…
Stop manual recon. Move faster. #BugBounty #MobileSecurity #Pentesting #AppSec #Recon #AndroidSecurity #iOSSecurity #InfoSec #SecurityTools
12
63
2,877
Top Apple Security Testing Tools From iOS app analysis to macOS security research, the Apple ecosystem has powerful open-source tools for learning and defensive testing. Great for researchers, analysts, and security enthusiasts exploring mobile and desktop security. Comment APPLE 🍏🔐👇 #cybersecurity #iossecurity #macos #infosec #mobilesecurity #apple
2
3
18
1,377
🚨 KEYNOTE SPEAKER REVEAL 🚨 We are absolutely HYPED to welcome @vlakhani28 to RECON 2K26!🔥 Vaibhav Lakhani is a Senior Offensive Security Consultant at Kroll, a top 15 hacker on NCIPC, a bug bounty legend, and holds OSCP, CRTO, CREST (CRT, CPSA), CEH & eJPT certs — yeah, he's built different🧠 He'll be taking the stage for our KEYNOTE: 🎯 "Drawing Parallels Between iOS and MacOS Pentesting with DVMA" This is the kind of talk you DO NOT want to sleep on. Whether you're just getting into mobile security or already deep in the game, Vaibhav is going to blow your mind! Big love to @htb_mumbai for making this collab happen!🤝 Stay tuned for more speaker drops & event details. #RECON2K26 #CyberSecurity #EthicalHacking #PenTesting #iOSSecurity #MacOSSecurity #OffensiveSecurity #Infosec #oscvitap #nullchaptervitap #CTF #HackTheBox #htbmumbai
2
6
164
Replying to @TheHackersNews
⚠️ @thehackernews nailed it. DarkSword = 6-zero-day iOS full chain (CVE-2025-31277 JSCore, CVE-2025-43520 XNU kernel) compromising 221 million unpatched devices (iOS 18.4–18.6.2) via zero-click watering-hole sites. Fileless JS, hit-and-run crypto/credential theft, then self-clean. Update to iOS 18.7.6 or 26.3.1 NOW. Can’t? Enable Lockdown Mode immediately. Who’s still on vulnerable iOS? Drop your version below 👇 #DarkSword #iOSSecurity #ZeroDay #Apple
2
3
818
TA446 is deploying the leaked DarkSword iOS exploit kit via targeted spear-phishing campaigns. iOS devices are at risk. Stay vigilant and update your security. #CyberSecurity #iOSSecurity
3
43
Apple alerts outdated iPhones and iPads via Lock Screen notifications about active exploits from Coruna and DarkSword kits targeting iOS 13 to 18.7. Updates or Lockdown Mode recommended. #iOSSecurity #ExploitKits #USA ift.tt/Tnu9Svx

1
2
221
OWASP Mobile Top 10 Security Risks
🔥 Telegram: t.me/hackinarticles
✴ Twitter: x.com/hackinarticles
The OWASP Mobile Top 10 highlights the most critical security risks affecting mobile applications. It helps developers and security professionals identify common vulnerabilities in Android and iOS apps.
⚡ OWASP Mobile Top 10
📱 Improper Platform Usage
💾 Insecure Data Storage
📡 Insecure Communication
🔐 Insecure Authentication
🔑 Insufficient Cryptography
⚙️ Insecure Authorization
🧩 Client Code Quality Issues
🛡️ Code Tampering
🔍 Reverse Engineering
🌐 Extraneous Functionality
🌐 Reference: github.com/Ignitetechnologie… #CyberSecurity #OWASP #MobileSecurity #AppSec #AndroidSecurity #iOSSecurity #EthicalHacking #InfoSec
9
44
2,425
Dark Sword on the iPhone: the bite of the apple that nobody wants to feel youtu.be/UZ6nF2hrHL8 #ciberseguranca #iossecurity #zeroday #privacidadedigital #coachdeosasco
2
50
Total control over your digital life. Stealth replaces basic VPNs with a full mobile security suite built to encrypt, protect, and optimize your entire device. #CyberSecurity #OnlinePrivacy #iOSSecurity #SecuritySuite #StealthPro
7
12
129
The complete digital fortress is coming to iOS. Sixteen powerful security and optimization tools built into one privacy-first mobile platform. #CyberSecurity #iOSSecurity #OnlinePrivacy #SecuritySuite #StealthPro
4
11
60
PoC exploit code is now public for CVE-2026-20643. Apple issues its first Background Security Improvement to fix this cross-origin Navigation API flaw. #AppleSecurity #CVE #PoCExploit #CyberSecurity #InfoSec #iOSSecurity #macOS #Vulnerability #AppSec securityonline.info/poc-expl…
8
39
4,276