ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

The Hacker News, Apr 30, 2026

Why It Matters

These incidents underscore the expanding attack surface across physical, software‑supply‑chain and cloud environments, forcing organizations to tighten detection, patching and data‑privacy practices.

Key Takeaways

  • Canadian police arrest three for operating SMS‑blaster phishing tower
  • Malicious npm package 'tanstack' exfiltrated .env files from developers
  • 80 browser extensions openly collect and sell user data to advertisers
  • Forescout finds 1.8 M exposed RDP and 1.6 M VNC servers online
  • OpenEMR patches 38 critical flaws affecting over 100,000 providers

Pulse Analysis

Physical‑layer attacks are resurfacing as threat actors weaponize fake cellular towers to broadcast phishing SMS campaigns. The recent Canadian bust of an SMS‑blaster device demonstrates how easily a rogue base‑transceiver can hijack nearby phones, delivering fraudulent links that harvest banking credentials. Telecom operators and mobile security teams must now deploy real‑time tower‑authentication and anomaly‑detection tools to spot rogue signals before they reach consumers, while regulators consider stricter licensing for low‑power broadcast equipment.

Supply‑chain compromises continue to dominate headlines, with the npm "tanstack" package and a malicious PyPI release of "elementary‑data" stealing environment variables and cryptocurrency wallets. These incidents reveal a systemic weakness in automated package publishing pipelines, especially when CI/CD workflows expose privileged tokens. Organizations should enforce signed package verification, issue only least‑privilege tokens to CI jobs, and monitor for unexpected credential exfiltration. Developers also need to audit third‑party dependencies and consider using provenance tools that flag anomalous changes before they reach production.

The broader ecosystem remains vulnerable: Forescout reports over three million exposed remote‑desktop endpoints, many running outdated Windows versions susceptible to BlueKeep. Simultaneously, 80 browser extensions openly monetize user data, and OpenEMR’s 38 patched flaws threaten the privacy of 200 million patients worldwide. These findings illustrate that cyber risk is no longer confined to high‑profile breaches; it permeates everyday tools and infrastructure. Enterprises must adopt a layered defense strategy—regularly scanning for exposed services, enforcing strict extension policies, and prioritizing rapid patch cycles for critical healthcare software—to mitigate the escalating threat landscape.
