Hugging Face infrastructure was recently leveraged in an Android malware campaign distributing thousands of polymorphic APK variants.

The operation relied on user deception, accessibility abuse, and trusted content delivery paths rather than zero-day exploitation - reinforcing the role of social engineering and platform trust in modern mobile threats.

How are teams accounting for abuse of legitimate platforms?

Follow @technadu for balanced infosec reporting.

#Infosec #AndroidMalware #HuggingFace #ThreatIntelligence #MobileSecurity #CyberDefense

New by me: CybersecKyle Security How-To Series (Everyday Defense), Part 4 🔒📱
Phone hardening you can live with.

Most phone takeovers aren’t zero-days. It’s stolen devices, SIM swaps, lock screen notification leaks, and apps with way too much access. This guide lays out a practical baseline you’ll actually keep enabled, plus quick validation drills to prove your settings are doing what you think they’re doing.

Read: https://www.kylereddoch.me/blog/cyberseckyle-security-how-to-series-everyday-defense-part-4-phone-hardening-you-can-live-with/

#CybersecKyleHowTo #EverydayDefense #MobileSecurity #Privacy #Cybersecurity

Greek police arrested scammers using a fake cell tower for SMS phishing.

Phones were forced onto insecure 2G networks to harvest data and send bank-themed smishing.

https://www.technadu.com/greek-police-arrest-scammers-in-athens-using-fake-cell-tower-for-sms-phishing-operation/618856/

Thoughts?

#Smishing #MobileSecurity #InfoSec

🔥 Hack Android, iOS & IoT Apps!
Train with Abraham Aranguren in a 3-day intensive course at OWASP London Training Days.
CTFs, real challenges, Frida & Objection, built on OWASP MSTG & MASVS.
👉 https://londonowasptrainingdays2025.sched.com/event/2CRAw

#appsec #mobilesecurity #iot #owasp

Worried your phone might be tracked without your knowledge?

I published a detailed guide covering real warning signs, how to check Android and iPhone, and practical steps to protect your privacy.

Read here:
👉 https://techputs.com/how-to-know-if-your-phone-is-being-tracked/

#Privacy #CyberSecurity #MobileSecurity #OpenWeb #TechTips #tech #technology

This one’s worth revisiting.

Your phone’s operating system isn’t neutral — it defines what data is collected, where it goes, and who controls it.

Android and iOS optimize for ecosystems.
There are alternatives if privacy actually matters.

https://medium.com/@biytelum/your-phones-os-is-a-data-policy-there-are-the-alternatives-412310014b1e

#Privacy #MobileSecurity #B2B #DataProtection

The FBI warns of “quishing” attacks by a North Korean APT — QR codes used to steal credentials and bypass filters. When scanning replaces clicking, awareness must follow. 📱🎯 #Quishing #MobileSecurity

https://www.darkreading.com/mobile-security/fbi-quishing-attacks-north-korean-apt

HSBC’s mobile app reportedly restricts access on devices with sideloaded apps, impacting users who installed Bitwarden via F-Droid.

No malicious behavior has been alleged, and the situation appears tied to app-source detection rather than app function.

A practical example of how mobile threat models and platform controls can impact legitimate security tooling.

Source: https://www.theregister.com/2026/01/07/hsbc_bitwarden_sideloaded/?td=rt-3a

Follow TechNadu for objective infosec reporting.

#Infosec #MobileSecurity #OpenSource #AppIntegrity #RiskManagement #CyberSecurity

Android Pentesting Lab - Ultimate Setup Guide (2026)
This article provides a comprehensive guide for setting up an Android pentesting environment. It focuses on equipping users with the tools and knowledge needed to perform security assessments on Android applications.\n\nThe guide covers installing Android Studio, creating a virtual device using Genymotion or Android Virtual Device Manager (AVD), setting up Burp Suite to intercept network traffic, and configuring the emulator for efficient pentesting.\n\nThe lab includes exercises designed to help users familiarize themselves with common pentesting techniques such as reverse engineering, dynamic analysis, and fuzz testing.\n\nBy following this guide, users can gain practical experience in identifying vulnerabilities in Android applications and improve their skills in mobile application security.\n\n#Android #Pentesting #MobileSecurity #Guide

https://medium.com/@mscmkn/android-pentesting-lab-part-0-ultimate-setup-guide-2026-b268ec231e5c?source=rss------bug_bounty-5

Có ứng dụng mới chặn người lạ tắt điện thoại từ màn hình khóa! ng dụng này ngăn chặn truy cập vào các tính năng như Chế độ máy bay, Bluetooth, Điểm phát sóng và Menu Nguồn khi điện thoại bị khóa. #ChặnTắtĐiệnThoại #BảoMậtĐiệnThoại #AppMới #Security #MobileSecurity #Lockscreen #Pixel

https://www.reddit.com/r/opensource/comments/1q6n8g7/finally_an_app_to_block_intruders_from_turning/

🔒 Meet our new sponsor: Guardsquare

Trusted by over 975 customers worldwide, Guardsquare helps teams identify risks and defend their apps and SDKs against reverse engineering and tampering, keeping your mobile products secure in an ever-evolving threat landscape.

We’re proud to have Guardsquare on board for Appdevcon 2026. 🚀
Discover more: https://www.guardsquare.com

#appdevcon #adc2026 #mobilesecurity #Guardsquare

🚨 62.952 loại mã độc mới tấn công điện thoại di động của người Việt trong năm 2025! Hệ thống nTrust cảnh báo xu hướng tội phạm mạng tập trung vào nền tảng di động, đòi hỏi chúng ta nâng cao cảnh giác và bảo vệ thiết bị ngay hôm nay. 📱🔒 #CyberSecurity #AnNinhMạng #Malware #MãĐộc #MobileSecurity #BảoMậtDiĐộng

https://vietnamnet.vn/co-toi-62-952-loai-ma-doc-moi-tan-cong-nguoi-viet-tren-dien-thoai-di-dong-2479627.html

Spam calls used to be one of my greatest frustrations 😡 a distraction that interrupts my work, dinner, and focus alike. With iOS 26, Apple introduced Call Screening, a feature that answers unknown calls on your behalf, prompts the caller to identify themselves and explain their reason for calling, and then lets you decide whether to take the call. That simple feature turns nuisance calls into manageable decisions rather than unwanted interruptions. It’s not just about blocking numbers; it’s about knowing who is calling before your phone ever rings. Whether you’re trying to reduce stress, avoid scams, or just keep your attention where it belongs, Call Screening shows how thoughtful design can quietly improve everyday tech. If you don't have this turned on, do it now. You'll thank me.

TL;DR 
🧠 iOS 26 screens unknown calls before they ring
⚡ Callers must state their identity and reason
🎓 You see a transcript and choose to answer
🔍 It gives control back to the user

https://www.macworld.com/article/2935514/my-favorite-ios-26-feature-has-banished-spam-callers-once-and-for-all.html

#iOS26 #MobileSecurity #DigitalWellbeing #UserExperience #security #privacy #cloud #infosec #cybersecurity

Understanding that it's probably nowhere close to as good as the #GoogleTensor chip or #SamsungKnox, has anyone done an analysis of the #HardwareSecurity of the @jolla phone line?

#security #MobileSecurity #JollaPhone #SailfishOS

Kicksecure's guide reveals mobile phones' hidden dangers: baseband backdoors, relentless data harvesting by Google/Apple, Pegasus spyware, and Wi-Fi/Bluetooth risks. 📱🔒 Harden yours with best practices! #MobileSecurity #PrivacyMatters https://www.kicksecure.com/wiki/Mobile_Phone_Security

Mobile OS choice is now a privacy and governance decision.
Your phone’s OS is not neutral. Apple and stock Android assume background telemetry and ecosystem data flows.
This article breaks down four privacy-focused alternatives (GrapheneOS, LineageOS, CalyxOS, /e/OS), their trade-offs, and real use cases for both personal and business users.
👉 https://medium.com/@biytelum/your-phones-os-is-a-data-policy-there-are-the-alternatives-412310014b1e
#Privacy #Infosec #B2B #MobileSecurity #OpenSource

Since I haven't been getting much in the way of viewpoints, so I'm curious what people might say in the poll. What's your thought on the security implications of jailbreaking your primary iPhone?
#iPhone #Apple #security #infosec #mobileSec #mobileSecurity

The app store itself is part of your privacy surface.
F-Droid provides a catalog of open source Android apps built from source with clear tracking labels.
Aurora Store is different. It is a Google Play client that lets teams download apps without tying installs to Google accounts.
Different tools. Different risks. Same governance question.
#Privacy #Infosec #B2B #Android #MobileSecurity

While I feel this article could be be more explicit in places, it seems to be written by a security firm but take a fairly nuanced view of the risks and benefits of #Apple #iPhone jailbreaking. My takeaway would be that it's probably not a great idea for a primary phone; maybe acceptable if it buys you something you need and you're really going to take the time to study up on a keep on top of mitigating #security measures. I'm still interested in other views or references Fedi people might have. #mobileSecurity #mobileSec #infosec

https://www.eset.com/blog/en/home-topics/device-protection/jailbreaking-rooting-risks/

An acquaintance is thinking about jailbreaking their iPhone. Not being an Apple user, I haven't followed the topic closely, but I thought this was generally believed to be a bad idea from a security perspective (at least for a primary device).

Unfortunately what I can easily find online are people with no obvious credentials saying it's fine and security companies (who often overblow risks, like the infamous "juicejacking") saying it's bad. I'm hoping the Fediverse might be able to give me a more nuanced or fact-based perspective.

#iphone #security #mobileSecurity #mobileSec