Tubesm Stack
2026-05-01
Cybersecurity

Weekly Cybersecurity Roundup: Fake Cell Towers, OpenEMR Vulnerabilities, and Roblox Account Takeovers

Weekly cybersecurity roundup covers SMS blaster busts using fake cell towers, critical OpenEMR flaws, 600K+ Roblox account hacks, plus developer supply chain attacks and millions of unsecured servers.

Overview of the Week's Threats

The digital landscape continues to be a battleground, with threat actors deploying increasingly sophisticated tactics. This week's highlights include arrests related to SMS blasters using fake cell towers, critical flaws in OpenEMR software, and a massive wave of Roblox account compromises affecting over 600,000 users. Additionally, we cover several other stories that underscore the importance of staying vigilant online.

Source: feeds.feedburner.com

Fake Cell Towers and SMS Blaster Busts

Law enforcement agencies have cracked down on criminals operating fake cell towers (also known as IMSI catchers) to blast scam text messages. These devices mimic legitimate mobile network towers, allowing attackers to intercept communications and send fraudulent SMS to any phone within range. The busts highlight a worrying trend: the use of portable hardware to bypass traditional spam filters.

How SMS Blasters Work

Attackers deploy compact, portable units that connect to a mobile network and broadcast a stronger signal than legitimate towers. Nearby phones automatically connect to the fake tower, and the attacker sends bulk scam messages—often phishing links or fake alerts—without the carrier's oversight. These operations are difficult to trace because the hardware is easily disguised and can be moved quickly.

Critical Flaws in OpenEMR Threaten Patient Data

Multiple security vulnerabilities have been discovered in OpenEMR, an open-source electronic medical records system used by hospitals and clinics worldwide. The flaws could allow attackers to execute arbitrary code, elevate privileges, or access sensitive patient information.

Vulnerability Details

The most severe issue is a remote code execution bug in the scheduling module. By sending specially crafted requests, an unauthenticated attacker could run malicious commands on the server. Another flaw enables privilege escalation, letting a low-level user gain admin rights. Organizations using OpenEMR are urged to apply the latest patches immediately.

Patches and Mitigation

The OpenEMR project released version 5.0.2.3 which fixes these issues. Administrators should update promptly and also review access logs for any suspicious activity. As a precaution, enable two-factor authentication and restrict network exposure of the application.

600,000 Roblox Accounts Hacked Through Stolen Cookies

A massive credential theft campaign has targeted Roblox players, compromising over 600,000 accounts. The attackers used cookie-stealing malware to bypass password protections and gain persistent access.

Attack Vectors

The malware is often distributed through fake game mods, cheat tools, or phishing links that promise free in-game currency. Once installed, it steals session cookies that keep users logged in. Even if a player changes their password, the attacker can still access the account using the stolen cookie. Roblox has since rolled out security updates to invalidate stolen tokens.
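Why a stolen cookie outlives a password change, and what invalidation looks like on the server, shown as an added example (not Roblox's implementation and not code from the original article). SessionStore, the "epoch" counter and the player1 account are hypothetical names chosen for illustration.

```javascript
const { randomBytes, createHash } = require('crypto');

// Hypothetical server-side session store. Each account carries a credential
// "epoch"; every session remembers the epoch it was issued under.
class SessionStore {
  constructor({ bindToEpoch = true } = {}) {
    this.bindToEpoch = bindToEpoch;   // false models a service that never revokes
    this.accounts = new Map();        // user -> { epoch }
    this.sessions = new Map();        // sha256(token) -> { user, epoch, expires }
  }
  static digest(token) {
    // Only a hash of the cookie is stored, so a leaked table holds no usable cookies.
    return createHash('sha256').update(token).digest('hex');
  }
  login(user, now = Date.now(), ttlMs = 24 * 3600 * 1000) {
    if (!this.accounts.has(user)) this.accounts.set(user, { epoch: 0 });
    const token = randomBytes(32).toString('hex');   // value placed in the cookie
    const { epoch } = this.accounts.get(user);
    this.sessions.set(SessionStore.digest(token), { user, epoch, expires: now + ttlMs });
    return token;
  }
  // Returns the user for a valid cookie, or null.
  validate(token, now = Date.now()) {
    const s = this.sessions.get(SessionStore.digest(token));
    if (!s || now >= s.expires) return null;
    // A session issued before the last credential change is dead, whoever holds it.
    if (this.bindToEpoch && s.epoch !== this.accounts.get(s.user).epoch) return null;
    return s.user;
  }
  // Call on password change, 2SV reset or "log out of all sessions".
  rotateCredentials(user) {
    this.accounts.get(user).epoch += 1;
  }
}

// Constructed scenario: malware copies the cookie, then the owner changes password.
function demo(bindToEpoch) {
  const store = new SessionStore({ bindToEpoch });
  const stolen = store.login('player1');     // attacker holds a copy of this value
  const before = store.validate(stolen);
  store.rotateCredentials('player1');        // owner changes the password
  const after = store.validate(stolen);      // does the copied cookie still work?
  const fresh = store.validate(store.login('player1'));
  return { before, after, fresh };
}
```

With bindToEpoch set to false the copied cookie keeps working after the password change, which is the behaviour described above; with it set to true the copy is rejected while the owner's new login succeeds.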

How to Protect Your Account

  • Never download third-party mods or cheats for Roblox.
  • Enable two-step verification (2SV) on your Roblox account.
  • Regularly clear your browser cookies and log out after each session.
  • Use a unique, strong password and a password manager.

Other Notable Stories in Cybersecurity

This week also saw several other incidents worth noting.

Developers Targeted by Supply Chain Attack

Security researchers uncovered malicious npm packages that, during installation, exfiltrated files from the developer's system. These typosquatting packages posed as legitimate tools (e.g., 'coffeescript' instead of 'coffeescript') and contained code that read sensitive files like .env or SSH keys. Developers are advised to double-check package names and consider using lock files.
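One way to automate the "double-check package names" advice, as an added example that is not from the original article or from npm itself: it compares installed package names against a team allowlist and reports install-time lifecycle hooks in anything outside it. The allowlist, the sample manifests and the lookalike names in them are constructed for illustration.

```javascript
// Allowlist of dependencies the project really uses (constructed for this example).
const KNOWN_GOOD = ['coffeescript', 'cross-env', 'express', 'lodash'];
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Levenshtein distance with a single rolling row.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

// Separators are ignored so "crossenv" and "cross-env" compare as equal.
const normalize = (name) => name.toLowerCase().replace(/[-_.]/g, '');

// Returns the allowlisted package that `name` imitates, or null.
function lookalikeOf(name, allowlist = KNOWN_GOOD) {
  if (allowlist.includes(name)) return null;
  const hit = allowlist.find((good) => editDistance(normalize(name), normalize(good)) <= 1);
  return hit ?? null;
}

// Report lookalike names and install-time hooks in packages outside the allowlist.
function auditPackages(manifests, allowlist = KNOWN_GOOD) {
  const findings = [];
  for (const m of manifests) {
    if (allowlist.includes(m.name)) continue;
    const imitates = lookalikeOf(m.name, allowlist);
    if (imitates) findings.push({ name: m.name, issue: 'lookalike', detail: imitates });
    const hooks = INSTALL_HOOKS.filter((h) => h in (m.scripts ?? {}));
    if (hooks.length) findings.push({ name: m.name, issue: 'install-hook', detail: hooks.join(',') });
  }
  return findings;
}

// Constructed package.json excerpts, as they would be read from node_modules.
const SAMPLE = [
  { name: 'coffeescript', scripts: { test: 'node test.js' } },
  { name: 'coffescript', scripts: { postinstall: 'node setup.js' } },
  { name: 'crossenv', scripts: {} },
  { name: 'left-pad' },
];
```

A distance threshold of 1 catches dropped, doubled or substituted letters and separator variants but not swapped adjacent letters. Installing with `npm install --ignore-scripts` keeps lifecycle hooks from running while a finding is reviewed.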

Millions of Servers Left Without Passwords

A recent scan revealed that over 2 million servers still expose SSH or database services that accept logins without a password. This configuration allows anyone with network access to log in as root. Many are legacy systems or misconfigured cloud instances. Experts recommend implementing key-based authentication and disabling password login entirely.

Wrap-Up: Staying Safe in a Noisy Internet

The threats this week demonstrate that cybersecurity is a moving target. From physical hardware attacks with fake cell towers to software supply chain infiltrations, the attack surface is broad. Key takeaways include: keeping software updated, enabling multi-factor authentication, being cautious with downloads, and auditing network exposure. By staying informed and adopting basic security hygiene, users and organizations can reduce their risk.