LastPass
-
Study finds cloud password managers vulnerable to server-side recovery attacks
A technical analysis by ETH Zurich and Università della Svizzera italiana found that Bitwarden, LastPass, and Dashlane are vulnerable to server-side password recovery attacks, with researchers detailing multiple attack types and vendor mitigations.
-
Password manager vendor warns of active phishing campaign urging 24-hour vault backups
A phishing campaign that began around January 19, 2026 uses maintenance and backup lures to pressure users into creating local vault backups within 24 hours. The vendor advises never to disclose master passwords and is working to remove the malicious infrastructure.
-
Phishing campaign lures LastPass and Bitwarden users to install remote-access tools
A phishing campaign impersonating LastPass and Bitwarden is distributing a binary that installs the Syncro RMM agent and deploys ScreenConnect for remote access, researchers reported; LastPass says it was not breached and users are advised to ignore unsolicited alerts and verify notices on official channels.
-
Mac ad campaign impersonating brands pushes macOS credential stealer, LastPass warns
Security researchers warn of a malvertising campaign that uses search ads to impersonate LastPass and other services, delivering the Atomic Stealer/Amos Stealer on macOS via fraudulent GitHub pages; LastPass says takedowns are underway and IoCs are shared.
-
Researchers warn of DOM-based extension clickjacking in password managers
Security researchers at DEF CON 33 revealed a DOM-based extension clickjacking flaw affecting popular password-manager browser extensions, capable of stealing credentials, 2FA codes, and more with a single click on a malicious page; Bitwarden has issued a fix, and others are in progress, with guidance to disable auto-fill until patches are deployed.






