"Pixnapping" shows a malicious Android app can force other apps pixels into the compositor, exploit a GPU timing side-channel, and steal Google Authenticator 2FA codes in under 30 seconds often without permissions.

Serious bugs often occur in third-party components integrated by other software. @ifsecure and I found this vulnerability in the Dolby Unified Decoder. It affects Android, iOS and Windows among other platforms, sometimes 0-click. https://t.co/LchMIdKP0P

DeepSeek-R1 mirrors human thought, learning from trial and error, reflecting on mistakes, and breaking down problems like we do. It's AI with human-like reasoning.

Dream big, no matter what it is. The human brain possesses remarkable neuroplasticity, enabling it to adapt, learn, and achieve what you consistently focus on and work toward.

Hey @ZALORA I have ordered some items. It was estimated to be delivered today. But looks like your support is not responding and there is no update on the item. Been following for a week now. Help!

1/10 - I've been doing offensive security source code review for a long time now, and along the way I've learnt a lot of lessons that can make you more effective. Some of them include:

To succeed in the future, you MUST learn web3. Here's a list of 24 top resources to get up to speed (for free):

🚨 ¡LARGAMOS! 🚀 Aprendé cómo explotar webviews junto a @imdadvs y @shiv__sahni en Apollo 12 en la #Eko2021 👏 🚨 NOW! Join @imdadvs & @shiv__sahni on Apollo 12 at @ekoparty to learn common webview related security issues & the story behind CVE-2021-21136 🔥 EN✅ | ES❌

📢 In this @ekoparty talk, Imdadullah Mohammed (@imdadvs) & Shiv Sahni (@shiv__sahni) will discuss common webview related security issues & how they discovered CVE-2021-21136 🔥 which allowed sensitive data leakage to 3rd parties via HTTP request headers. Join us at #Eko2021! 🙌

Mariana Trench is an open source static analyzer written to detect and prevent security issues in #Android and #Java applications. It can review large codebases, provide feedback to engineers, and detect bugs before they are introduced into a codebase.

iOS 14.7.1 / 14.6 / 14.4 #JAILBREAK News: RELEASE Of New XNU Vulnerability PoC (Open Source Code) VIDEO HERE: https://t.co/OtK3MVwkIC In a previous video, I said this will be released and it's now finally out. It's a bug reachable from the Sandbox and works on 14.7.1 and lower.

Webview: An in-app Web Browser created to ensure seamless user experience without context switching between browser and mobile application. How secure is that? Ask CVE:2021-21136 and @imdadvs at #BSidesBCN21 SagradaFamilia track on Sept 30 at 4.45pm CEST

building a new reconnaissance platform? I have attempted to gather most of the open source tool-set into a mind-map. You might refer this XMind: https://t.co/oSw70uA4C1 . Other file-types: https://t.co/hRVU7Phcah #recon #asm #monitoring #bugbounty

1hr to go! Catch us live talking about “Securing Webviews and The Story Behind CVE-2021–21136” at @HITBSecConf https://t.co/DEGN6Lkfzv #hitb #mobilesecurity #infosec #appsec #cybersecurity #HITB2021SIN Join us at 3pm SGT!!

Very happy to announce that I’ll be speaking at HITB2021SIN @HITBSecConf along with @imdadvs on Securing Webviews and the Story Behind CVE-2021-21136! Join us on Friday, 27 Aug 3:00 PM SGT!! #hitb #mobilesecurity #infosec #appsec #cybersecurity #HITB2021SIN

Writing an iOS Kernel Exploit from Scratch https://t.co/EZZWXGjV1i

I along with @shiv__sahni will be presenting our talk "Securing Webviews and The Story Behind CVE-2021–21136" at #HITB2021SIN on 27th Aug. #MobileSecurity https://t.co/3I4YXwTKCN

Meet WiFiDemon: iOS WiFi RCE 0-Day Vulnerability & a 'Zero-Click' Vulnerability That was Silently Patched

My recent Google Chromium bug in Android webview is now disclosed: https://t.co/NFGLtxW6g2 #infosec #cybersecurity #security #google #android #zeroday #mobileappsecurity

Hello world! I want to share with you a device I made, its name is "Yayagram", a machine that helps our beloved elders to keep communicating with their grandchildren . How? Let me open a thread to give you all the details of this contraption.