Threatsday Bulletin: Rootkit Patch, Federal Breach, OnePlus SMS Leak, TikTok Scandal & More

A permission bypass vulnerability (CVE-2025-10184) in OnePlus OxygenOS allows unauthorized access to SMS/MMS data, potentially compromising sensitive information like MFA codes. The flaw, introduced in OxygenOS 12, remains unpatched. Additionally, three members of the cybercrime group Scattered Spider were arrested for hacking high-profile companies using social engineering tactics.