More results...
LastPass warns of a phishing campaign using fake security alerts about unauthorized access or password changes to steal users’ master passwords. LastPass has warned users about a new phishing campaign using fake security alerts that claim unauthorized access or master password changes. The emails, which spoof LastPass’s display name, attempt to trick recipients into revealing […]
The attackers are sending out fake alerts claiming unauthorized access or master password changes.
The post LastPass Warns of New Phishing Campaign appeared first on SecurityWeek.
Researchers demonstrate multiple attacks against major password managers, showing how compromised servers and design flaws can expose encrypted vault data.
Can cloud-based password managers that claim “zero-knowledge encryption” keep users’ passwords safe even if their encrypted-vault servers are compromised? Researchers at ETH Zurich and Università della Svizzera italiana set out to answer th…
Researchers at ETH Zurich have tested the security of Bitwarden, LastPass, Dashlane, and 1Password password managers.
The post Password Managers Vulnerable to Vault Compromise Under Malicious Server appeared first on SecurityWeek.
The campaign targets customers with urgent “maintenance” alerts designed to steal master passwords within hours.
The post LastPass Warns of Phishing Campaign Targeting Its Customers appeared first on TechRepublic.
Threat actors may have wanted to take advantage of the holiday weekend in the United States to increase their chances of success.
The post LastPass Users Targeted With Backup-Themed Phishing Emails appeared first on SecurityWeek.
Password manager LastPass warns of an active phishing campaign impersonating the service to steal users’ master passwords. LastPass warned users about an active phishing campaign that began around January 19, 2026. Attackers impersonate the service with emails claiming urgent maintenance and urge users to back up their password vaults within 24 hours. The messages use […]
KrebsOnSecurity.com celebrates its 16th anniversary today! A huge “thank you” to all of our readers — newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage in 2025, with a primary focus on entities that enabled complex and globally-dispersed cybercrime services.
Stolen vault backups from the 2022 LastPass breach are still being cracked, allowing attackers to steal crypto as late as 2025. The blockchain intelligence firm TRM Labs warns that encrypted vault backups stolen in the 2022 LastPass breach are still being cracked using weak master passwords, enabling crypto theft as late as 2025. In 2022, […]