Discovery of 6 vulnerabilities in one Qualcomm driver and one of the used as In-the-Wild exploit
https://googleprojectzero.blogspot.com/2024/12/qualcomm-dsp-driver-unexpectedly-excavating-exploit.html

Authorities in Serbia used Cellebrite to unlock mobile phones so they could then infect them with NoviSpy Android malware
https://securitylab.amnesty.org/latest/2024/12/a-digital-prison-surveillance-and-the-suppression-of-civil-society-in-serbia/

Diving into ADB protocol internals (2/2)
https://www.synacktiv.com/publications/diving-into-adb-protocol-internals-22.html

Screen recording Android spyware distributed through Amazon Appstore
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/spyware-distributed-through-amazon-appstore/

Exploring Marauder, Bruce, and Ghost ESP on Cheap Yellow Device
https://www.mobile-hacker.com/2024/12/23/exploring-marauder-bruce-and-ghost-esp-on-cheap-yellow-device/

Android BADBOX Botnet Is Back
https://www.bitsight.com/blog/badbox-botnet-back

Install and run any firmware (Marauder, Bruce, Ghost ESP...) on ESP32 devices without using computer with M5Stick Launcher
https://www.mobile-hacker.com/2024/12/29/run-firmware-anywhere-flexibility-of-m5stick-launcher/

Android instrumentation using Frida
https://learnfrida.info/

How to install and run any firmware (Marauder, Bruce, Ghost ESP...) on ESP32 devices without using computer with M5Stick Launcher
https://www.mobile-hacker.com/2024/12/29/run-firmware-anywhere-flexibility-of-m5stick-launcher/

Ultimate iOS (iPhone & iPad) Hardening Guide
https://github.com/martinholovsky/Security-Blueprints/blob/main/iOS-Hardening-Guide.md

FireScam: Android information stealing malware with spyware capabilities
https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/

Emulating Android native libraries using unidbg
https://bhamza.me/blogpost/2024/09/10/Emulating-Android-native-libraries-using-unidbg.html

Unidbg to production
https://bhamza.me/blogpost/2024/09/20/unidbg-to-production.html

Boost Flipper Zero with FEBERIS: 3-in-1 SubGhz, NRF24, and WiFi board
https://www.mobile-hacker.com/2025/01/09/boost-your-flipper-zero-with-feberis-3-in-1-subghz-nrf24-and-wifi-board/

Fully-remote (0-click) bug on the Samsung S24 if Google Messages is configured for RCS (the default configuration on this device), as the trannoscription service decodes incoming audio before a user interacts with the message for trannoscription purposes. Issue is fixed now.
https://project-zero.issues.chromium.org/issues/368695689

Analysis of Autel MaxiCharger Android app to reviewing the attack surface
https://www.zerodayinitiative.com/blog/2025/1/15/reviewing-the-attack-surface-of-the-autel-maxicharger-part-two

Android malware in DoNot APT operations
https://www.cyfirma.com/research/android-malware-in-donot-apt-operations/

USB Army Knife: Close Access Penetest Tool
It is capable of: remote keystroke injection, VNC, USB network adapter, EvilAP, Marauder, record microphone, controlled over web interface with fancy LCD screen
https://www.mobile-hacker.com/2025/01/24/usb-army-knife-the-ultimate-close-access-penetest-tool/

Vulnerability of hotel room Android kiosk tablets
It was possible to execute ADB commands, unlock bootloader and possibly escalate privileges to root. Pull kiosk apps for reverse engineering and obtain servers (pivot) or hardcoded secrets.
As a result attacker could pose as another guest room terminal and control the air conditioning and lights, place orders, display bills, and eavesdrop on chats
https://devblog.lac.co.jp/entry/20250124

Analysis of TrickMo Android malware campaign targeting Poland
https://www.sirt.pl/atak-na-uzytkownikow-androida-falszywa-aplikacja-olx/

Android Tria stealer: malware that exfiltrates data and hijack accounts
https://securelist.com/tria-stealer-collects-sms-data-from-android-devices/115295/