@swaroopsy.bsky.social
1/6
That new iOS 26 jailbreak everyone's talking about? It's fake. And it's stealing your data.
Here's what @corellium.bsky.social Labs found when they tore apart #nekoJB Online 🧵
October 24, 2025 at 4:10 AM
5/6: @corellium.bsky.social's virtual hardware platform.
They offer jailbroken iOS 26.0.1 on virtual devices including iPhone 17 Pro Max. No waiting for public exploits. No compromise on testing depth.
Root access across ALL iOS versions for comprehensive MAST.
October 17, 2025 at 5:24 AM
4/4: But security researchers need to study these attacks to build better defenses!
Platforms like @corellium.bsky.social let professionals safely disable ASLR in controlled environments - like a practice gym for cybersecurity experts.
This is how we stay ahead of attackers! 💪
#iOS
October 8, 2025 at 4:13 AM
5/6 The solution: Integrate security testing into development lifecycle.
Platforms like @corellium.bsky.social's MATRIX feature automatically map findings to compliance standards (PCI DSS v4, GDPR, HIPAA), catching violations early.
September 27, 2025 at 8:22 AM
Platforms like @corellium.bsky.social provide virtual mobile environments with built-in jailbreak capabilities, including support for the latest OS versions. No more waiting for rare physical jailbroken devices.
September 19, 2025 at 3:22 AM
4/5 Smart security teams use platforms like @corellium.bsky.social that provide both Android and iOS virtual devices. This lets you test the actual threats each platform faces.
September 12, 2025 at 5:42 AM
4/5 The solution: Virtual iOS environments like @corellium.bsky.social provide instant iOS 18 access with built-in jailbreak. Test on the latest OS without hardware headaches.
September 5, 2025 at 3:34 AM
6/6
Getting started?
Try tools like @corellium.bsky.social to spin up iOS/Android in seconds & test safely.
What’s the wildest mobile bug you’ve found? Drop it below 👇
#BugBounty #MobileSecurity #CyberSecurity #InfoSec #Corellium
August 29, 2025 at 6:16 AM
6/6
Always decrypt first before static analysis.
Skipping this step = false negatives & weak security reports.
#iOSSecurity #MobilePentesting #AppSec #Corellium
August 22, 2025 at 5:40 AM
6/6
Platforms like @corellium.bsky.social make this possible by letting you safely analyze SDK behavior in virtual devices.
The question isn’t if your dependencies are secure - it’s whether you’ll find out before your users do #Corellium
August 15, 2025 at 5:47 AM
7/7
Platforms like @corellium.bsky.social let teams test mobile apps & APIs in realistic environments - trace every call, check auth flows, and find issues before they become headlines.
How does your team test mobile app APIs?
#MobileSecurity #MobileApp #Corellium #CyberSecurity
August 8, 2025 at 9:04 AM
1/5
⚠️ 91% of organizations faced a software supply chain attack in 2024.
Mobile apps aren’t immune.
The SpinOK malware case proves it:
101 Android apps infected via a malicious ad SDK.
43 still live on Google Play - some with over 5M downloads.
August 1, 2025 at 3:32 AM
1/6
A new invisible Android attack just dropped… and it's sneaky.
Researchers from TU Wien & University of Bayreuth discovered TapTrap – a tapjacking technique that tricks users into giving dangerous permissions without knowing.
#TapTrap #mobilesecurity
July 18, 2025 at 3:41 AM
1/6
The world is in a mobile security crisis 📱⚠️
A recent AP investigation revealed that hackers are silently targeting smartphones of officials, journalists, and tech workers using zero-click attacks.
These attacks leave no trace.
July 11, 2025 at 4:12 AM
1/5
In April 2025, a researcher bought a budget smartphone online. Looked legit. Pre-installed messaging apps. No red flags.
Then they tried sending crypto… and it was silently hijacked.
#SupplyChainSecurity #MobileSecurity #RuntimeTesting #Corellium
July 4, 2025 at 2:57 AM
1/4:🍎 Getting started with iOS app pentesting in 2025?
Step 1: Get a jailbroken device
unc0ver (iOS 11-14.8)
palera1n (newer versions)
Check Can I Jailbreak? for compatibility
⚠️ New iPhones come with latest iOS = no public jailbreak. Buy older devices!
#iOSSecurity
June 27, 2025 at 3:34 AM
1/4 Your favorite apps are probably sharing way more than you think. Just read about a crazy data breach - apps like Candy Crush and Tinder were quietly sending your exact location to data companies. When those companies got hacked? Millions of location histories got exposed. #MobileSecurity
June 20, 2025 at 4:43 AM
1/6:
🚨 SparkCat Malware Alert: "Safe" apps on Google Play and Apple App Store were stealing crypto wallet recovery phrases from your photos. Here's what happened and how to stay safe 🧵
#CyberSecurity #MobileSecurity #Cryptocurrency #AppSecurity #Corellium
June 13, 2025 at 3:05 PM
1/5 Mobile location spoofing is one of the most overlooked attack vectors in mobile security.
Most teams are not testing for it, and it is surprisingly easy to exploit.
#MobileSecurity #Corellium #VulnerabilityResearch #CyberSecurity #AppSec
June 6, 2025 at 5:08 AM
1/
Reverse engineering iOS apps is tough - no public jailbreaks, code signing issues, and getting decrypted IPAs is a pain.
It gets even harder with iOS 18+.
But using Ghidra + a virtual iPhone changed everything for me. 🧵
May 30, 2025 at 5:04 AM
1/4 iOS Security Testing Crisis: What the New SANS Report Reveals
The new SANS product review of @corellium.bsky.social validates what we've all been dealing with - iOS security testing with physical devices just isn't working anymore.
May 23, 2025 at 5:07 AM
1/
“10 iPhones in my luggage” — that’s what iOS security training used to look like.
Throwback to AppSec USA when I had to bring 8–10 physical devices to every session. It was… a process.
May 16, 2025 at 5:19 AM
1/6 Remember when Clubhouse raised privacy concerns about how their audio could be accessed? That came to mind while testing a client's new social audio app last week.
May 9, 2025 at 4:55 AM
1/4 Perplexity AI App Had 10 Security Bugs at Launch. Speed vs. Security Is a False Choice
The recent Perplexity AI Android app launched with 10 security bugs that put users at risk for months. In past roles, I've heard "we can fix security later" too many times.
May 2, 2025 at 5:45 AM
1/ WhatsApp was fined €225M by Ireland’s data watchdog in 2021 for GDPR violations.
Why? Lack of transparency in data handling and unclear privacy policies.
A wake-up call for mobile apps. 🧵
April 25, 2025 at 5:39 AM