CloudZ RAT potentially steals OTP messages using Pheno plugin

Cisco Talos discovered an intrusion, active since at least January 2026, where an unknown attacker implanted a CloudZ remote access tool RAT and a previously undocumented plugin called "Pheno." According to the functionalities of the CloudZ RAT and Pheno plugin, this was with the intention of...

CVE-2025-23168

The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication 2FA using One-Time Passcodes OTP delivered via email or SMS. Versa Director accepts untrusted user input when dispatching 2FA codes, allowing an attacker who knows a valid username and password to redirect the O...

The Rise of One-Time Password Interception Bots

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords OTPs that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitor...

TrickBot Mobile App Bypasses 2‐Factor Authentication for Net Banking Services

The malware authors behind TrickBot banking Trojan have developed a new Android app that can intercept one-time authorization codes sent to Internet banking customers via SMS or relatively more secure push notifications, and complete fraudulent transactions. The Android app, called "TrickMo" by I...