🚨 UPDATE YOUR DEVICES 🚨: Amnesty International uncovers sophisticated zero-day exploit affecting billions of Android devices.

Cellebrite's Linux USB exploit was used to unlock the phone of a Serbian youth activist, targeted in December 2024 **after** previous reports abuses Our team at the Security Lab saw this Linux kernel USB exploit chain used against multiple people since mid-2024.

We shared traces of exploit with Google's Threat Analysis Group allowing for the identification of at least three zero-day vulnerabilities

securitylab.amnesty.org/latest/2025/02…

🚨 BREAKING: Amnesty’s latest report on digital surveillance in Serbia: new *NoviSpy* spyware discovered; zero days identified and patched; and first evidence showing use of Cellebrite UFED forensic products to unlock phones to then infect with spyware. 🧵 1/ In February 2024, During a supposedly routine police traffic stop, Serbian journalist Slaviša Milanov had his phone unlocked with Cellebrite and covertly hacked and infected with the *NoviSpy* spyware by Serbian authorities

securitylab.amnesty.org/latest/2024/12…

Bombshell new report today from Haaretz (@omerbenj) about the spyware industry’s continued efforts to subvert our collective cyber-security, now by turning already invasive ad networks into spyware infection vectors.

haaretz.com/israel-news/20…
haaretz.com/israel-news/20… Ad-network powered spyware infection is enabled by combining tactics from the targeted digital advertising ecosystem and the mercenary spyware industry; two industries whose business models are inherently incompatible with the right to privacy.