European law enforcement dismantled and seized an expansive cybercrime operation used to facilitate phishing attacks via mobile networks for fraud, including account intrusions, credential and financial data theft, Europol said Friday.

Investigators from Austria, Estonia and Latvia linked the cybercrime networks to more than 3,200 fraud cases, which also involved investment scams and fake emergencies for financial gain. Financial losses amounted to about $5.3 million in Austria and $490,000 in Latvia, authorities said.

The operation dubbed “SIMCARTEL” netted seven arrests and the seizure of 1,200 SIM box devices, which contained 40,000 active SIM cards that were used to conduct various cybercrimes over telecom networks. Officials described the infrastructure as highly sophisticated, adding that the online service it supported provided telephone numbers for criminal activities to people in more than 80 countries.

“It allowed perpetrators to set up fake accounts for social media and communications platforms, which were subsequently used in cybercrimes while obscuring the perpetrators’ true identity and location,” Europol said in a news release.

The law enforcement operation largely occurred Oct. 10 in Latvia, spanning 26 searches that also resulted in the seizure of hundreds of thousands of additional SIM cards, five servers and two websites. Officials also seized four luxury vehicles and froze a combined $833,000 in suspects’ bank and cryptocurrency accounts. 

Europol said the full scale of the cybercrime network is still under investigation, but they’ve already traced the operation to more than 49 million accounts that were created and provided by the suspects. 

The services provided by the cybercriminal organization were also allegedly used to commit extortion, migrant smuggling and various scams involving second-hand marketplaces, fake investments, shops and websites. 

The coordinated takedown underscored the global prevalence of SIM farms, which allow cybercriminals to conduct and sell services for scams and various criminal activities via mobile network infrastructure. The Secret Service last month disrupted a network of electronic devices in the New York City area that included more than 300 servers and 100,000 SIM cards spread across multiple sites in the region. 

Unit 221B on Thursday warned that SIM boxes and SIM farms are growing rapidly, placing any phone user, bank, network carrier or retailer at risk. Ben Coon, Unit 221B’s chief intelligence officer, has identified at least 200 SIM boxes operating across dozens of locations across the United States, the company said on LinkedIn.

Europol published a video of the Latvian police takedown: ​​https://youtu.be/Z-ImysXws-0

The post Europol dismantles cybercrime network linked to $5.8M in financial losses appeared first on CyberScoop.

Google warned that two actively exploited zero-day vulnerabilities affecting Android devices have been patched in its September security update, which addresses 120 software defects total. 

The zero-days — CVE-2025-38352 affecting the kernel and CVE-2025-48543 affecting Android Runtime — are both high-severity defects that don’t require user interaction for exploitation and could lead to escalation of privilege with no additional execution privileges needed. Google said there are indications that both of the vulnerabilities may be under limited, targeted exploitation.

Google hasn’t included an actively exploited defect in its monthly batch of patches since May. The total number of vulnerabilities disclosed this month is also the highest this year. 

The Android security update contains two patch levels — 2025-09-01 and 2025-09-05 — allowing Android partners to address common vulnerabilities on different devices.

Third-party Android device manufacturers release security patches on their own schedule after they’ve customized operating system updates for their specific hardware.

The primary security update contains one critical vulnerability affecting the system component, CVE-2025-48539, which could lead to remote code execution. The first patch level also addresses 29 vulnerabilities in the framework, 28 in the system, one defect affecting Widevine DRM components and nine Google Play system updates.

The second patch includes fixes for three vulnerabilities affecting the kernel, three Arm components defects, 10 Imagination Technologies bugs and four vulnerabilities affecting MediaTek components. The update also addresses 32 vulnerabilities affecting Qualcomm components, including 27 closed-source components. 

Three of the vulnerabilities affecting Qualcomm’s proprietary components — CVE-2025-21450, CVE-2025-21483 and CVE-2025-27034 — are designated as critical.

Google said source code patches for all vulnerabilities addressed in this month’s security update will be released to the Android Open Source Project repository by Thursday.

The post Google patches two Android zero-days, 120 defects total in September security update appeared first on CyberScoop.