Hackers Exploit Vulnerability in OnePlus Phones to Send SMS on Behalf of Users
A serious cybersecurity vulnerability has been discovered in OnePlus smartphones, posing a significant risk to users. Security researchers at Rapid7 have uncovered a flaw that allows hackers to send SMS messages impersonating the phone’s owner. In some cases, attackers can even access the content of messages, including multi-factor authentication (MFA) codes, which could facilitate fraud or account takeovers.
The issue is affecting devices running Oxygen OS versions 12, 13, and 14, as well as those on the upcoming Android 15-based Oxygen OS builds. Alarmingly, the flaw appears to have been present for the past four years, and despite being flagged to OnePlus by Rapid7 in May 2025, the company has yet to release a fix. As a result, the security firm has publicly disclosed the vulnerability, urging users to monitor for suspicious SMS activity and any unauthorized financial transactions that could stem from the compromise of OTPs (One-Time Passwords).
Sensitive Data Stolen in Kido Schools International Nurseries Breach
Kido Schools, which operates across the UK, US, India, and China, has been the target of a devastating cyberattack, compromising the personal data of young children, including their names, photos, and addresses. The attack has impacted over 8,000 students, with images of children as young as two years old being stolen. These images could be misused in extortion schemes or manipulated in disturbing ways, creating serious risks for affected families.
The UK’s National Cyber Security Centre has launched an investigation, while Kido has publicly confirmed the breach and promised to disclose the identity of the hacking group responsible once the investigation concludes. The Metropolitan Police have linked the attack to a ransomware group that has previously targeted high-profile organizations like Marks & Spencer, Co-Op, and Jaguar Land Rover.
Volvo Faces Data Breach in Ransomware Attack
In another significant cybersecurity incident, Volvo Cars was hit by a ransomware attack that compromised its IT services provider, Miliodata, in August 2025. The DataCarry ransomware group is believed to be behind the attack, which disrupted Volvo’s systems and operations. This incident is part of a broader wave of cyberattacks that also affected several other organizations, including Scandinavian Airlines, Boliden, and various universities in Sweden.
On September 13, 2025, the hackers posted stolen data on a dark web platform, including sensitive personal information from Volvo employees. By September 16, the data was found on “Have I Been Pwned,” revealing 870,000 individuals’ personal details such as email addresses, phone numbers, government IDs, and more.
Stellantis Hit by Cyberattack, Data Breach from Third-Party Vendor
The automotive giant Stellantis, which owns major brands like Chrysler, Jeep, and Fiat, has confirmed a data breach following a cyberattack on its third-party service provider, Salesforce. The breach has exposed sensitive customer contact information, which could be used for social engineering attacks, potentially putting customers at risk.
Cybersecurity experts suspect the attack may have been orchestrated by the Shiny Hunters group, a state-sponsored hacking collective. Stellantis has assured the public that it is taking necessary steps to mitigate the risk, following enhanced cybersecurity protocols and preparing for future attacks.
Key Takeaways:
a.) OnePlus users are at risk of a serious SMS vulnerability, which remains unpatched despite being reported months ago.
b.) Kido Schools’ data breach compromises sensitive information of young children, opening the door for potential extortion or exploitation.
c.) Volvo ransomware attack led to a major data breach, with 870,000 employee records exposed.
d.) Stellantis faces a data breach through a third-party vendor, with the possibility of future social engineering threats.
These incidents serve as a reminder of the ongoing threat landscape and the critical need for businesses and consumers to stay vigilant against cyberattacks.
