Cybersecurity Alert: SMS Blaster Arrests, 38 OpenEMR Vulnerabilities, 610K Roblox Accounts Hacked, and 25 More Threats


In a week marked by significant cybersecurity incidents, authorities have made notable strides in combating a range of threats, from SMS phishing to data breaches. The landscape of cybersecurity continues to evolve, and recent developments underscore the urgency for organizations and individuals to remain vigilant against emerging threats.

SMS Blaster Phishing Crackdown

Canadian law enforcement has arrested three individuals for operating an SMS blaster device that impersonates a cellular tower to send phishing messages to nearby mobile phones. These devices emit signals that trick phones into connecting to them, resulting in fraudulent text messages appearing to originate from trusted organizations. Authorities reported that these messages often contain links leading to fake websites designed to capture sensitive personal information, including banking credentials and passwords. The three suspects face a total of 44 charges related to this operation, which reportedly connected tens of thousands of devices over several months. This incident marks the first recorded case of an SMS blaster being used in Canada.

npm Brandsquat Data Theft

A recent supply chain attack has exploited an npm package masquerading as TanStack, distributing malicious versions that extract environment variables from developers’ machines during installation. The package, named tanstack, has been confirmed to silently steal files such as .env, .env.local, and .env.production, sending them to an attacker-controlled endpoint. The malicious package was maintained by a user identified as “sh20raj,” with versions 2.0.4 through 2.0.7 confirmed as harmful. In a public statement, the developer expressed regret for his actions, claiming he sought a bounty for the package name, which he believed was acceptable.
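To check whether a project pulled in the package described above, the lockfile can be audited for the unscoped name and the four confirmed versions. The following is an added example, not code from the original report or from npm; the sample lockfile is constructed, its project and dependency names are hypothetical, and treating 2.0.4 through 2.0.7 as exactly four patch releases is an assumption.

```javascript
// Added example: audit a parsed package-lock.json for the brandsquat package.
// Name and versions come from the article; the sample lockfile is constructed.
const BAD_NAME = 'tanstack';
const BAD_VERSIONS = new Set(['2.0.4', '2.0.5', '2.0.6', '2.0.7']);

function classify(name, version, path, hasInstallScript) {
  if (name !== BAD_NAME) return null; // scoped '@tanstack/...' names never match
  const status = BAD_VERSIONS.has(version) ? 'confirmed-malicious' : 'review';
  return { path, version, status, hasInstallScript };
}

function auditLockfile(lock) {
  const hits = [];
  const add = (hit) => { if (hit) hits.push(hit); };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path === '') continue; // root project entry
      // Aliased installs carry the real package name in entry.name.
      const name = entry.name || path.split('node_modules/').pop();
      add(classify(name, entry.version, path, entry.hasInstallScript === true));
    }
    return hits;
  }
  // lockfileVersion 1: nested tree, no install-script flag recorded (null).
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      add(classify(name, entry.version, path, null));
      walk(entry.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample: 'demo-app' and 'some-lib' are hypothetical names.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@tanstack/react-query': { version: '5.0.0' },
    'node_modules/tanstack': { version: '2.0.5', hasInstallScript: true },
    'node_modules/some-lib/node_modules/tanstack': { version: '1.0.0' },
  },
};

console.log(auditLockfile(sampleLock));
```

A "confirmed-malicious" hit means the .env, .env.local and .env.production files on that machine should be treated as exposed and the secrets in them rotated; a "review" hit is the unscoped name at a version the article does not list.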

Browser Extensions Legally Selling User Data

An analysis by LayerX has revealed that numerous browser extensions are collecting and reselling user data for profit. Unlike malicious extensions that disguise their activities, 80 identified extensions explicitly inform users in their privacy policies about their data collection practices. Among these, a network of 24 media extensions has been installed by 800,000 users, gathering viewing data and demographic information from major streaming platforms. Additionally, 12 ad blockers with a combined user base of over 5.5 million are openly selling user data, while nearly 50 other extensions, with over 100,000 users collectively, are involved in similar practices.

Komari Tool Weaponized in Attacks

Huntress has reported that unknown threat actors exploited stolen VPN credentials to infiltrate a Windows workstation belonging to an unspecified organization. The attackers utilized Impacket’s smbexec.py to deploy a SYSTEM-level backdoor using the Komari agent, a Go-based remote-control and management tool. This incident marks the first documented case of the Komari tool being used in a real-world attack, highlighting a trend where cybercriminals increasingly leverage publicly available tools for malicious purposes.

Next-Gen Phishing Kits Escalate

New phishing kits, dubbed Saiga 2FA and Phoenix System, have emerged, linked to both email and SMS phishing attacks. Saiga 2FA enhances traditional adversary-in-the-middle (AitM) capabilities by integrating tools for mailbox content extraction and analysis. This evolution illustrates how phishing kits are transitioning into sophisticated application-level platforms, enabling highly targeted campaigns. The Phoenix System has been associated with over 2,500 phishing domains since January 2025 and employs IP-based filtering and geofencing for precise targeting.

Mass Exposure of Remote Access Servers

Forescout’s analysis has uncovered that 1.8 million RDP and 1.6 million VNC servers are exposed on the internet, posing significant security risks. The report indicates that China accounts for 22% of exposed RDP and 70% of exposed VNC servers, while the U.S. follows with 20% and 7%, respectively. Alarmingly, 18% of exposed RDP servers are running end-of-life Windows versions, and over 19,000 RDP servers remain vulnerable to BlueKeep (CVE-2019-0708).

Critical Flaws Hit Healthcare Platform

Thirty-eight vulnerabilities have been disclosed in OpenEMR, the world’s most widely used open-source electronic medical records platform. These vulnerabilities, now patched, range from medium to critical severity and include issues such as cross-site scripting (XSS) and SQL injection. The flaws could have allowed unauthorized access to sensitive patient and provider data, posing serious health and regulatory risks.

Roblox Account Hacking Ring Busted

Ukrainian authorities have arrested three individuals involved in hacking over 610,000 Roblox gaming accounts, generating a profit of $225,000 through sales on Russian websites. The suspects face potential prison sentences of up to 15 years if convicted. The operation was reportedly orchestrated by a 19-year-old who collaborated with accomplices met on gaming forums.

Record Surge in Privacy Fines

In 2025, U.S. states issued $3.45 billion in privacy-related fines, a figure surpassing the total from the previous five years combined. This trend indicates a shift in regulatory focus from awareness to enforcement, with expectations that this pattern will continue into 2026 and beyond.

Conclusion

As the cybersecurity landscape continues to evolve, the importance of vigilance cannot be overstated. Organizations and individuals must prioritize security measures and stay informed about emerging threats. The recent incidents highlight the need for robust security protocols and awareness of potential vulnerabilities in both software and user behavior.

For more detailed insights into these developments, visit thehackernews.com.
