14 matches found
CVE-2026-42514
This vulnerability exists in e-Sushrut due to exposure of OTPs in plaintext within API responses. A remote attacker could exploit this vulnerability by intercepting API responses containing valid OTPs. Successful exploitation of this vulnerability could allow an attacker to impersonate the target...
New “Scary” FakeCall Malware Captures Photos and OTPs on Android
A new, more sophisticated variant of the FakeCall malware is targeting Android devices. Learn about the advanced features…
TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns
New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device's unlock pattern or PIN. "This new addition enables the threat actor to operate on the device even while it is locked," Zimperium security researcher Aazim Yaswant...
Singapore Banks to Phase Out OTPs for Online Logins Within 3 Months
Retail banking institutions in Singapore have three months to phase out the use of one-time passwords (OTPs) for authentication purposes when signing into online accounts to mitigate the risk of phishing attacks. The decision was announced by the Monetary Authority of Singapore (MAS) and the...
New V3B Phishing Kit Steals Logins and OTPs from EU Banking Users
New phishing kit targets European bank users! Protect yourself from V3B attacks designed to steal your logins and…
CVE-2024-23580 HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of One-Time Passwords (OTPs)
HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of One-Time Passwords (OTPs). This could allow an attacker with access to the database to recover some or all encrypted values...
Telegram Offers Premium Subscription in Exchange for Using Your Number to Send OTPs
In June 2017, a study of more than 3,000 Massachusetts Institute of Technology (MIT) students published by the National Bureau for Economic Research (NBER) found that 98% of them were willing to give away their friends' email addresses in exchange for free pizza. "Whereas people say they care about...
GHSA-F9FQ-VJVH-779P Improper Input Validation in vault-ssh-helper
HashiCorp vault-ssh-helper (github.com/hashicorp/vault-ssh-helper/helper) up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0...
How Coinbase Phishers Steal One-Time Passwords
A recent phishing campaign targeting Coinbase users shows thieves are getting smarter about phishing one-time passwords (OTPs) needed to complete the login process. It also shows that phishers are attempting to sign up for new Coinbase accounts by the millions as part of an effort to identify email...
Evolving beyond password complexity as an identity strategy
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Troy Hunt, founder of Have I Been Pwned,...
CVE-2020-24359
HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0...
CVE-2013-7322
usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password (OTP) type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay...
Fedora Update for yubikey-val FEDORA-2011-15580
Check for the Version of yubikey-val OpenVAS Vulnerability Test Fedora Update for yubikey-val FEDORA-2011-15580 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
[SECURITY] Fedora 16 Update: yubikey-val-2.10-1.fc16
This is a server that validates Yubikey OTPs. It is written in PHP, for use with web servers such as Apache...