🔬 In JavaScript, the instruction "Function(inputString)()" causes the content of "inputString" to be executed. "Function()" is a constructor that creates a new function from a string of code, similar to "eval()", but slightly more contained.
#appsec #appsecurity
Example of execution.
🧑🎓 Learning of the day for me thanks to @pentesterlab.com (for the presentation of the behavior and the code review lab) and Claude (for the detailed explanation):
#appsec #appsecurity
Elevate your app security with Azure AD by implementing multi-factor authentication, securing API access, and leveraging conditional access policies. Enhance your defense strategy today! #AppSecurity #AzureAD
Protect your Apple TV apps with advanced RASP+ runtime defense and AppiCrypt API integrity.
Go beyond basic checks to block tampering and API abuse.
🔒 Read more: docs.talsec.app/appsec-artic...
#AppSecurity #DevSecOps
Is Yacine TV Safe to Use?
Many users ask if the Yacine TV app is safe since it’s not available on official app stores.
Learn how to use the app more safely before installing: yacinetvsapk.com
#YacineTV #StreamingApps #AppSecurity #TechReview
Hacked Prayer App Weaponised to Send Surrender Messages to Iranians
#Cybersecurity #Iran #InfoWar #AppSecurity #MiddleEast #AusNews
thedailyperspective.org/article/2026-03-01-hacke...
Overview of one repo
🧑🎓 As part of my homework on AI from an AppSec perspective, I have decided to gather all my content on GitHub so that I can share it in case anyone is interested.
📖 Cheat sheet, methodology and tools: github.com/righettod/to...
🔬 R&D: github.com/righettod/po...
#appsec #appsecurity #ai
Is Yacine TV App Safe to Use? Full Security Review
Before installing any third-party streaming app, safety comes first. We analyzed Yacine TV by checking its permissions, running security tests, and reviewing user feedback.
yacinetvsapk.com/yacine-tv-ap...
#YacineTv #AppSecurity #StreamingApp
Android mental health apps with 147M installs were found riddled with security flaws — when care meets code, privacy must be non-negotiable. 📱🧠 #AppSecurity #HealthDataProtection
1,575 vulnerabilities found in 10 Android mental health apps (14.7M+ installs).
Issues include weak token generation, local data exposure, missing root detection.
These apps store therapy transcripts and CBT notes.
Are digital health apps secure enough?
#CyberSecurity #AndroidSecurity #AppSecurity
Most “free” apps hoard more data than they need, from pregnancy trackers to flashlights, then quietly ship it to third parties. If an app wouldn’t survive without spying, maybe it shouldn’t. #AppSecurity #DarkPatterns #Infosec
devpathshala.com/most-dangero...
Choosing Android App Development Services for Security
Discover key factors like secure coding practices, encryption standards, regular testing, & industry expertise to ensure your mobile app remains safe & reliable for users.
Read More: medium.com/@cssoftsolut...
#AndroidDevelopment #AppSecurity
Web Application Firewall Market Size, Share, Analysis 2035 www.marketresearchfuture.com/reports/web-...
#WebApplicationFirewall #CyberSecurity #ICTInnovation #SmartSecurity #EmergingTech #DigitalProtection #AppSecurity
🚀 The Role of Staff Augmentation in Enhancing Web Application Security
Learn how staff augmentation helps strengthen web app security by adding specialized expertise.
👉 Read the full article:
www.ortussolutions.com/blog/the-rol...
#WebSecurity #StaffAugmentation #AppSecurity #DevOps
I just published App Permissions and Security Basics: Essential iOS Interview Questions with Expert Answers medium.com/p/app-permis...
#iOS #iOSDeveloper #Swift #iOSSecurity #AppSecurity #MobileSecurity #iOSInterview #TechInterview #AppleDeveloper #Keychain #Biometrics #SwiftUI #iOSDevelopment
Execution of the POC performed.
🧑🎓 Learning of the day for me thanks to @pentesterlab.com and Claude.
🔬 For the regular expression "[A-z]":
In a character class [X-Y], it matches all characters with ASCII codes from X to Y inclusive. So [A-z] means all ASCII characters from 65 (A) to 122 (z).
#appsec #appsecurity
ICYMI, Jan. 26–30 is #DataPrivacyWeek. Check out this short post and quick guide to privacy settings for 18 common apps from @wizertraining!
tinyurl.com/privacy-sett...
#AppSecurity #MobileSafety #OnlinePrivacy #OnlineSafety #StayWizer
POC performed.
🧑🎓 Learning of the day for me: I discovered that browsers (at least Chromium) display an SVG image even if the specified content type is set to XML. The contained JS script is also executed.
#appsec #appsecurity
Firehound reveals massive data leaks in App Store apps, exposing millions of users' personal info. Time for developers to prioritize security! #DataPrivacy #AppSecurity #FirehoundFindings Link: thedailytechfeed.com/firehound-re...
Overview of the page.
📡 OWASP Secure Headers Project: We have added information and examples regarding the Trusted Types feature of the Content-Security-Policy header.
📖 owasp.org/www-project-...
#appsec #appsecurity #owasp_shp
How VAPT Strengthens Mobile App Security: Essential Insights for Business Owners
📖 Read here: www.linkedin.com/pulse/how-va...
#MobileAppSecurity #VAPT #CyberSecurity #DataProtection #BusinessSecurity #PenetrationTesting #VulnerabilityAssessment #AppSecurity #ECSInfotech #ECS
📣 New Podcast! "Unmasking "Wonderland" – The New Wave of Android Droppers & SMS Stealers" on @Spreaker #androidmalware #approov #appsecurity #cybersecurity #infosec #mobilesecurity #technews #upwardlymobile #wonderlandmalware
Modern software engineering
#computer #computador #Technology #tecnologia #software #softwaredevelopment #softwareengineer #softwaredeveloper #engenharia #engenhariadesoftware #softwaretesting #segurancadigital #AppSecurity #devops #desenvolvimentoweb #mobile
www.moprius.com/2026/01/enge...
Securing Secrets in Android: What Actually Works in Production In Android apps, nothing on the client is truly secret. APKs can be decompiled, strings extracted, memory inspected, and runtime beha...
#android #androiddev #appsecurity #kotlin
Security concerns emerged regarding F-Droid's build server, currently managed by a long-time contributor. This raises questions about transparency and potential risks compared to professional hosting solutions. #AppSecurity 3/6
Secure your mobile apps: encrypt data, test regularly, and stay updated with security patches. #AppSecurity #TechTips
#softwaredevelopment
Visit our website www.maxvisionsolutions.com
GitHub just rolled out the ability for orgs to control who can request new apps. This is a game-changer for IT teams trying to manage app sprawl and security. No more random requests from everyone! Finally. 🔒 #GitHub #AppSecurity
Duende IdentityServer v7.4 is here! 🎉 Shipping with .NET 10 LTS, so you can modernize your apps and build solutions engineered to last. 🔐
duende.link/5pwbntg
#Duende #IdentityServer #dotnet10 #LTS #AppSecurity
The "Freedom Chat" app itself leaked plaintext PINs & user data due to poor development practices like lacking rate limiting & proper data serialization. A stark reminder of basic security principles being overlooked. 🤦♀️ #AppSecurity 4/6
💡 Very interesting article about output escaping in an API context:
#appsec #appsecurity #api
treblle.com/blog/api-esc...