ANY.RUN researchers uncovered Salty2FA, a phishing-as-a-service kit that intercepts credentials and bypasses push, SMS, and voice 2FA. Active since June 2025, it’s targeting enterprises in the US and EU across sectors including finance, energy, and telecom.