THREATSDAY Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories provides a snapshot of a busy week in cybersecurity, noting the bulletin covers 25 stories in total. Canadian authorities have arrested three men for operating an SMS blaster that mimics a cellular tower to send phishing texts, with the suspects facing 44 charges and tens of thousands of devices connected over several months.
OpenEMR, the open‑source electronic medical records platform, has 38 disclosed vulnerabilities, including two designated critical (CVE-2026-24908 and CVE-2026-23627), potentially exposing patient and provider data; OpenEMR is used by more than 100,000 medical providers, serving over 200 million patients. In Roblox, three individuals allegedly hacked more than 610,000 accounts and sold them for about $225,000 on Russian websites, with potential prison time of up to 15 years.
The bulletin also highlights broader trends such as supply‑chain compromises, phishing kit evolution, and privacy fines, all illustrating the wide range of threats facing organisations and individuals alike.