Crooks impersonate LastPass in campaign to harvest master passwords

Related breach coverage

• LastPass warns of spoofed alerts aimed at stealing master passwords
  2026-03-04

  LastPass warns of a phishing campaign using fake security alerts about unauthorized access or password changes to steal users’ master passwords. LastPass has warned users about a new phishing campaign using fake security alerts that claim unauthorized access or master password changes. The emails, which spoof LastPass’s display name, attempt to trick recipients into revealing […]

• Threat actor UAC-0255 impersonate CERT-UA to spread AGEWHEEZE malware via phishing
  2026-04-02

  Threat actors impersonated CERT-UA to send phishing emails with AGEWHEEZE malware, tricking victims into installing a fake “security tool.” A threat actor, tracked as UAC-0255, impersonated CERT-UA in a phishing campaign, sending emails to about 1 million users. The messages urged victims to download a password-protected archive from Files.fm and install a fake “specialized software,” […]

• Storm-2561 lures victims to spoofed VPN sites to harvest corporate logins
  2026-03-14

  Attackers linked to Storm-2561 use SEO-poisoned search results to lure users to fake Ivanti, Cisco, and Fortinet VPN sites that steal corporate login credentials. In mid-January 2026, Microsoft Defender Experts uncovered a credential-theft campaign attributed to Storm-2561. Threat actor is spreading fake enterprise VPN clients impersonating Ivanti, Cisco, and Fortinet software. By poisoning search engine […]

• LastPass Warns of New Phishing Campaign
  2026-03-04

  The attackers are sending out fake alerts claiming unauthorized access or master password changes. The post LastPass Warns of New Phishing Campaign appeared first on SecurityWeek.