The first ever OWASP MAScon is happening inside OWASP Global AppSec EU 2026 in Vienna, June 25 to 26, during 25 years of OWASP. Organized by Carlos Holguera @grepharder and Sven Schleier, with talks from Carlos, Stefan Bernhardsgrütter, Sergi Alvarez @pancake, Jan Seredynski, Ole André Vadla Ravnås @oleavr, and Jeroen Beckers.

https://mas.owasp.org/news/2026/03/20/owasp-mascon-is-here/

#OWASP #MobileSecurity #AppSec #MASVS #MASWE #MASTG #Frida

2/7 Key findings:
- 976 proxy classes intercepting 208 system API categories (GPS, camera, clipboard, crypto)
- 97.1% of internal APIs (396/408) have ZERO access control
- PatchProxy: every security method remotely replaceable without app update
- SM4 encryption remotely disableable by server config

Full analysis: github.com/sgInnora/alipay-securityguard-analysis

#mobilesecurity #reverseengineering

#introduction I'm Jiqiang Feng, independent security researcher at Innora AI. I found 17 vulnerabilities (CVSS up to 9.3) in Alipay, a payment app used by 1B+ people. 18 CVEs filed with MITRE. Peer-reviewed paper published by IACR.

My Twitter/X account was permanently suspended during this disclosure. 8 research articles were also deleted from WeChat by the vendor's lawyers.

innora.ai | github.com/sgInnora

#infosec #security #vulnerability #mobilesecurity

Android sideloading is getting a new speed bump: Google will require a 24-hour wait before installing apps from unverified developers, a move supposedly meant to make malware and scam-driven installs harder to pull off.

https://thehackernews.com/2026/03/google-adds-24-hour-wait-for-unverified.html

#AndroidSecurity #Cybersecurity #Malware #MobileSecurity #Google

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

Google adds 24-hour sideloading delay amid 17 malware families in 4 months, reducing scam-driven installs and device compromise risk.

The Hacker News

Android is rolling out a new security system 🔒 for sideloading that includes developer verification, mandatory wait times, and device restarts. The goal? Disrupting scam tactics while keeping the platform open. Here's how the new flow actually works and what it means for users wanting to install apps outside official stores 📱

Read the article to learn more: https://true-tech.net/android-sideloading-security-update-2026/

#Android #Cybersecurity #Sideloading #AppSecurity #MobileSecurity

Android sideloading security update 2026 introduces new advanced flow

Google introduces a new Android sideloading security system with an advanced flow that protects users from scams while allowing safe app installation from unverified developers.

TrueTech Technology Magazine

Google Adds Friction to Android Sideloading to Block Scammers

Google details "advanced flow" for Android power users to sideload unverified apps with multi-step security checks and one-day waiting period

The Daily Perspective

Hundreds of millions of iPhones vulnerable to DarkSword hack

Russian hackers deployed DarkSword exploit targeting iPhones running iOS 18.4-18.7. Up to 270 million devices potentially affected. Update to iOS 26.3 or later.

The Daily Perspective

Coruna iOS web malware kit: JavaScript payloads targeting iPhones via browser. iPhone users aren't immune—just differently targeted. Web exploits ignore OS loyalty. 🍱📱

https://otx.alienvault.com/pulse/69b891c1dc6a9f2f666e3cc5

#ios #malware #mobilesecurity

Android 17 is tightening Accessibility API access to stop malware from abusing system permissions.

The update integrates with Advanced Protection Mode to reduce privilege escalation and limit sensitive data access.

https://www.technadu.com/android-17-restricts-accessibility-api-to-prevent-malware-from-requesting-excessive-permissions/623574/

#AndroidSecurity #Infosec #MobileSecurity

🔐 Is Your Business Protected from Cyber Threats?

Websites, APIs, and mobile apps are constant targets for cyber attacks.

With solutions powered by Bitdefender, SARC Infosolution helps businesses secure:

✔ Mobile Applications
✔ Websites
✔ APIs
✔ Endpoints

Cybersecurity is no longer optional — it is essential.

Hashtags

#CyberSecurity
#DataProtection
#APIsecurity
#MobileSecurity
#DigitalSecurity