logo

LastPass, Bitwarden users targeted with fake security alerts

ID: 98c5b6d8-4c60-57a3-9ee9-11839d55a461

STIX ID: report--98c5b6d8-4c60-57a3-9ee9-11839d55a461

Feed Name: Bleeping Computer

Threat Score
55/100

Date Published: 2026-07-14

Date Updated: 2026-07-15

Author: Bill Toulas

...
...

A phishing campaign is targeting LastPass and Bitwarden users with fake security notices sent from addresses like [email protected] and [email protected], redirecting victims to impersonated DocuSign sites (e.g., lastpasscompliance.com, bitwardencompliance.com) that prompt downloads and may harvest credentials. LastPass confirms its infrastructure was not compromised, the malicious sites have been taken offline, and users who entered credentials should change their master passwords and report suspicious communications.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.