Application security news, updated daily (if there is any news to share).
Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly, send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.
A GitHub-reviewed advisory warns @mobilenext/mobile-mcp users that unvalidated URL schemes in mobile_open_url allow prompt-injected AI agents to trigger arbitrary Android intents via ADB.
GitHub Security Lab reports Signal Android `website` APKs before `v8.4.2` let any installed app exfiltrate decrypted attachments via Intent redirection abusing an unprotected update receiver.