LIVE THREAT INTELLIGENCE

Mobile
Security
Intelligence.

Real-time vulnerability tracking, technical analysis, and threat intelligence focused on Android, iOS, and mobile-first infrastructure.

View Threat Feed → Get Weekly Digest
10
CRITICAL
34
HIGH
2
EXPLOITED ITW
74
TRACKED
cypherbyte-feed — live@0.0.0.0
[SYS] CypherByte Intel Feed v2.6 — initializing...
[SYS] Connecting to NVD · Exploit-DB · GitHub Advisory
[FEED] 74 vulnerabilities loaded
MEDI
CVE-2026-5234 — The LatePoint plugin for WordPress is …
HIGH
CVE-2026-5231 — The WP Statistics plugin for WordPress…
MEDI
CVE-2026-3488 — The WP Statistics plugin for WordPress…
MEDI
CVE-2026-40265 — Note Mark is an open-source note-takin…
HIGH
CVE-2026-40262 — Note Mark is an open-source note-takin…
$ _
Android Security
Kernel, framework, app layer
Mobile Pentesting
iOS & Android assessment
Exploit Research
CVE analysis & PoC review
Threat Intel
Actor tracking & IOCs
// LATEST ADVISORIES

Recent Vulnerabilities

View all 74 →
MEDIUM The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Refer
Cross-platform
HIGH The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Script
Cross-platform
MEDIUM The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in
Cross-platform
MEDIUM Note Mark is an open-source note-taking application. In versions 0.19.1 and prio
Cross-platform
HIGH Note Mark is an open-source note-taking application. In versions 0.19.1 and prio
Cross-platform
// INTELLIGENCE REPORTS

Latest Research

All reports →
CVE Analysis 7 min

CVE-2026-5231: WP Statistics utm_source Stored XSS via innerHTML Sink

WP Statistics ≤14.16.4 copies raw utm_source into source_name on wildcard channel match, then renders it via innerHTML in admin chart legends — no escaping, no authentication required.

#cross-site-scripting#stored-xss#wordpress-plugin
CVE Analysis 8 min

CVE-2026-40262: Note Mark Asset Handler Stored XSS via MIME Sniffing

Note Mark's asset delivery handler serves uploaded files inline with no Content-Type or nosniff header, enabling stored XSS via SVG/HTML upload that executes under the app's origin.

#content-type-bypass#xss#file-upload
CVE Analysis 8 min

CVE-2026-41113: qmail tls_quit RCE via popen() in notlshosts_auto

sagredo qmail before 2026.04.07 exposes a remote code execution path through unsanitized popen() calls in notlshosts_auto triggered during TLS negotiation teardown.

#remote-code-execution#tls-protocol#popen-injection
newsletter-signup — weekly intel digest
// SUBSCRIBE

Weekly Mobile Security Digest

Every Friday — the most critical mobile vulnerabilities, threat actor activity, and security research. No noise. No marketing. Just intelligence.

No spam. Unsubscribe anytime. ~500 words per edition.