All CosmicBytez Labs articles tagged #Mobile Security, across news, security advisories, how-to guides, and projects.
A new RedHook variant abuses Android's Wireless Debugging feature to gain shell-level privileges without a USB connection — a novel technique that bypasses traditional physical access requirements.
A new Android malware operation called RedWing is being rented out on Telegram as a ready-made bank-fraud service, letting even low-skill criminals take...
A high-severity use-after-free vulnerability lurking in Samsung's KNOX security framework for eight years left Galaxy devices from the S9 through S25...
A high-severity vulnerability in Samsung's Galaxy Editing Service allows local attackers to execute privileged operations due to improper export of Android…
A critical CVSS 9.8 command injection vulnerability in the FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), enabling…
Google's June 2026 Android security bulletin addresses 124 vulnerabilities including CVE-2025-48595, an actively exploited zero-day used in limited targeted…
A single development-mode setting left in production code bypassed Android protections designed to prevent unauthorized apps from accessing Microsoft account…
Google's June 2026 Android security update patches 124 vulnerabilities including one zero-day flaw that has been actively exploited in targeted attacks…
Apple's annual transparency report reveals the company blocked over 2 million App Store submissions, 1.1 billion accounts, and $2.2 billion in potentially...
Researchers at HUMAN Security uncovered Trapdoor, a sophisticated Android ad fraud and malvertising operation that used 455 malicious apps and 183...
Ivanti has disclosed a high-severity improper input validation vulnerability in Endpoint Manager Mobile (EPMM) that is being actively exploited in the...
Cybersecurity researchers discovered 28 fraudulent Android apps on Google Play claiming to offer call history lookups, which instead enrolled users in...
Attackers are actively exploiting a new zero-day vulnerability in Ivanti Endpoint Manager Mobile (EPMM), the latest in a long series of critical flaws...
A now-patched security vulnerability in the widely used EngageLab Android SDK allowed apps on the same device to bypass the Android security sandbox and...
A new Android malware named NoVoice was discovered hiding in over 50 apps on the Google Play Store, with a combined download count of at least 2.3...
Google is testing a new Android Advanced Protection Mode enforcement in Android 17 Beta 2 that automatically strips non-accessibility apps of their...
Google's March 2026 Android security bulletin addresses 129 vulnerabilities, including CVE-2026-21385 — an actively exploited zero-day in a Qualcomm...
ESET researchers discover PromptSpy, the first known Android malware family that abuses Google's Gemini AI at runtime to dynamically navigate device UIs...
A new mobile spyware platform called ZeroDayRAT supports Android 5-16 and iOS up to version 26, providing real-time camera streaming, keylogging, 2FA...