LIVE THREAT INTELLIGENCE

Mobile
Security
Intelligence.

Real-time vulnerability tracking, technical analysis, and threat intelligence focused on Android, iOS, and mobile-first infrastructure.

View Threat Feed → Get Weekly Digest
62
CRITICAL
231
HIGH
1
EXPLOITED ITW
500
TRACKED
cypherbyte-feed — live@0.0.0.0
[SYS] CypherByte Intel Feed v2.6 — initializing...
[SYS] Connecting to NVD · Exploit-DB · GitHub Advisory
[FEED] 500 vulnerabilities loaded
HIGH
CVE-2026-44847 — MaxKB is an open-source AI assistant f…
CRIT
CVE-2026-44451 — Lumiverse is a full-featured AI chat a…
CRIT
CVE-2026-44450 — Lumiverse is a full-featured AI chat a…
HIGH
CVE-2026-44209 — Banks generates meaningful LLM prompts…
HIGH
CVE-2025-14361 — Missing Authorization vulnerability in…
$ _
Android Security
Kernel, framework, app layer
Mobile Pentesting
iOS & Android assessment
Exploit Research
CVE analysis & PoC review
Threat Intel
Actor tracking & IOCs
// LATEST ADVISORIES

Recent Vulnerabilities

View all 500 →
HIGH MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's web
Cross-platform
CRITICAL Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component
Cross-platform
CRITICAL Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server
Network
HIGH Banks generates meaningful LLM prompts using a template language that makes sens
Cross-platform
HIGH Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates all
Cross-platform
// INTELLIGENCE REPORTS

Latest Research

All reports →
CVE Analysis 7 min

CVE-2026-4798: Avada Builder Unauthenticated Time-Based SQLi via product_order

Avada Builder ≤3.15.1 passes the `product_order` parameter directly into a WooCommerce fallback query path without escaping or preparation, enabling unauthenticated time-based blind SQL injection.

#sql-injection#wordpress-plugin#unauthenticated-attack
CVE Analysis 7 min

CVE-2026-5441: OOB Read in Orthanc PSMCT_RLE1 Decoder Leaks Heap

The DecodePsmctRle1 function in Orthanc's DicomImageDecoder.cpp fails to validate escape markers near end-of-buffer, leaking heap contents into rendered DICOM image output.

#dicom-decoder#out-of-bounds-read#heap-leak
CVE Analysis 8 min

CVE-2026-0029: pKVM __pkvm_init_vm Logic Error Enables Local EoP

A logic error in __pkvm_init_vm of pkvm.c allows memory corruption in Android's protected KVM hypervisor layer, enabling local privilege escalation with no additional permissions required.

#memory-corruption#logic-error#privilege-escalation
newsletter-signup — weekly intel digest
// SUBSCRIBE

Weekly Mobile Security Digest

Every Friday — the most critical mobile vulnerabilities, threat actor activity, and security research. No noise. No marketing. Just intelligence.

No spam. Unsubscribe anytime. ~500 words per edition.