
AppSec Monday: Hacking Android Apps with Burp Suite, Simplifying XSS Detection with Nuclei, Biometric Authentication Testing in Android...

Cybersecurity — For Security Professionals

Hey! James here.

Today’s edition is all about Application Security and offensive tactics:

  • 📝 Hacking Android Apps with Burp Suite, Simplifying XSS Detection with Nuclei.

  • 🔥 The Role of Biometric Authentication Testing in Android App Security.

  • 🧠 Fake WalletConnect app on Google Play steals users’ crypto.

  • And more…


📰 Top Security News

  • Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors (unit42)

  • The Rising Cost of Vulnerable APIs and Bot Attacks – A $186 Billion Wake-Up Call for Businesses (Imperva)

  • Fake WalletConnect app on Google Play steals Android users’ crypto (Bleepingcomputer)

📝 Best Of Blogs

  • Feeld dating app - Your nudes and data were publicly available - Cyber Security Services (Fortbridge)

  • The Role of Biometric Authentication Testing in Android App Security (Headspin)

  • Possible DoS Vulnerability with Range Header in Rack Bounty [5420$ Bounty] (HackerOne)

🧠 Learning Resources

  • Hacking Modern Android Mobile Apps & APIs with Burp Suite (Danaepp)

  • 3 API Vulnerabilities Developers Accidentally Create (Thenewstack)

  • Simplifying XSS Detection with Nuclei - A New Approach (ProjectDiscovery)

🛠️ Tools

  • AutoSSH - Automatically restart SSH sessions and tunnels (GitHub)

  • Zipslipper - Create tar/zip archives that try to exploit zipslip vulnerability. (GitHub)

⚡️ Misc

  • China-Linked Hackers Breach U.S. Internet Providers in New ‘Salt Typhoon’ Cyberattack (WSJ)

  • Programming 100: Fundamentals (TCM Security)

🎯 Favorite Quote

“The greatest glory in living lies not in never falling, but in rising every time we fall.”
- Nelson Mandela

💡 ABOUT VAYFUL®

Vayful® is a cybersecurity newsletter that curates the best cybersecurity news, research, tools, blogs, talks, tutorials, and learning resources — specially handpicked for security professionals. The content is curated with love by security professionals.
