New phishing campaign hits LastPass, Bitwarden users


Criminals have been found impersonating popular password managers LastPass and Bitwarden online in an attempt to trick users into sharing their login credentials, and thus access to a treasure trove of passwords and other secrets.

LastPass recently issued a warning to its customers, raising awareness of the ongoing phishing campaign.

However the scam also now seems to have spread to other password managers, with Bitwarden customers also apparently being targeted.

Read more…
Source:  TechRadar News


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Uncovering a Multi-Stage Phishing Kit Targeting Italy’s Infrastructure

    November 13, 2025

    Phishing remains one of the most persistent and adaptive threats in cybersecurity. It is common and widespread for cybercriminals to impersonate reputable IT companies in phishing campaigns, exploiting the trust these brands have built and thus targeting both affected companies and their customers. What began as simple social engineering has matured into a complex criminal economy ...

  • 1 million victims, 17,500 fake sites: Google takes on toll-fee scammers

    November 13, 2025

    A Phishing-as-a-Service (PhaaS) platform based in China, known as “Lighthouse,” is the subject of a new Google lawsuit. Lighthouse enables smishing (SMS phishing) campaigns, and if you’re in the US there is a good chance you’ve seen their texts about a small amount you supposedly owe in toll fees. Here’s an example of a toll-fee scam ...

  • When Your Calendar Becomes the Compromise

    November 6, 2025

    It starts innocently enough. A new meeting appears in your Google calendar and the subject seems ordinary, perhaps even urgent: “Security Update Briefing,” “Your Account Verification Meeting,” or “Important Notice Regarding Benefits.” You assume you missed this invitation in your overloaded email inbox, and click “Yes” to accept. Unfortunately, calendar invites have become an overlooked delivery ...

  • North Korean hackers target European defense firms with dream job scam

    October 24, 2025

    Infamous North Korean state-sponsored threat actors, Lazarus Group, have been targeting Southeastern European defense firms with their Operation DreamJob scams. Security researchers at ESET claim the goal of the attacks was to steal the know-how and other proprietary information on unmanned aerial vehicles (UAV) and drones. Lazarus is known for its work in supporting North Korea’s ...

  • Europol: 7 arrested in Cybercrime-as-a-Service takedown

    October 17, 2025

    An action day performed in Latvia on 10 October 2025 led to the arrest of five cybercriminals of Latvian nationality and the seizure of infrastructure used to enable crimes against thousands of victims across Europe. During the operation codenamed ‘SIMCARTEL’, law enforcement arrested two further suspects, took down five servers and seized 1 200 SIM box ...

  • ClayRat Android malware spoofs WhatsApp, TikTok and more

    October 10, 2025

    A new Android malware variant is posing as popular apps, stealing sensitive files and propagating further. Experts from Zimperium revealed ClayRat, targeting primarily Russian users by spoofing popular Android apps such as WhatsApp, TikTok, Google Photos, or YouTube, distributed mostly through Telegram channels and standalone phishing sites. Through typosquatting, the phishing sites trick victims into thinking ...