U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Crooks impersonate LastPass in campaign to harvest master passwords

Password manager LastPass warns of an active phishing campaign impersonating the service to steal users’ master passwords. LastPass warned users about an active phishing campaign that began around January 19, 2026. Attackers impersonate the service with emails claiming urgent maintenance and urge users to back up their password vaults within 24 hours. The messages use […]

LastPass

Password manager LastPass warns of an active phishing campaign impersonating the service to steal users’ master passwords.

LastPass warned users about an active phishing campaign that began around January 19, 2026. Attackers impersonate the service with emails claiming urgent maintenance and urge users to back up their password vaults within 24 hours.

The messages use subject lines referencing infrastructure updates, vault security, and missed deadlines to trick victims into revealing their master passwords.

“LastPass Threat Intelligence, Mitigation, and Escalation (TIME) team would like to alert our customers to an active phishing campaign that began on or around January 19, 2026.” reads the alert. “These phishing emails are being sent from several email addresses with various subject lines claiming that LastPass is about to conduct maintenance and urging users to backup their vaults in the next 24 hours. The known list of email addresses and subject lines can be found below.”

The campaign uses phishing emails with links claiming to help users back up their LastPass vaults. The links lead to an Amazon S3–hosted phishing page (“group-content-gen2.s3.eu-west-3.amazonaws[.]com/5yaVgx51ZzGf”) that redirects to a fake LastPass site (“mail-lastpass[.]com). Attackers launched the campaign over a US holiday weekend to exploit reduced staffing and delay detection and response.

LastPass warns users it will never ask for master passwords and urges caution over phishing emails. The company is working to take down the malicious domain, asks users to report suspicious messages to abuse@lastpass.com, and shared indicators of compromise, including fake domains, IP addresses, sender details, and phishing email subject lines.

“The timing of the campaign, which fell over a holiday weekend in the United States, is a common tactic among threat actors seeking to take advantage of reduced staffing under the assumption it will postpone detection and draw out response time.” concludes the report.

In December 2025, the blockchain intelligence firm TRM Labs warned that encrypted vault backups stolen in the 2022 LastPass breach are still being cracked using weak master passwords, enabling crypto theft as late as 2025.

Earlier December, the U.K. ICO fined the password manager £1.2m ($1.6m ) for inadequate security measures that failed to prevent the breach.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, LastPass)