🔥 Latest issue of my curated #cybersecurity and #infosec list of resources for week #04/2026 is out!

→ It includes the following and much more:

🎣 📩 LastPass warns of a #phishing campaign pretending to be #LastPass;

🇺🇸 🎽 Under Armour investing #breach;

🇯🇴 📲 Jordanian authorities used #Cellebrite phone-cracking tools to extract data from activists’ phones without consent;

🇮🇪 👀 #Ireland plans a new law to let police use #spyware;

💬 🔐 @moxie launched #Confer, a #ChatGPT-like service built to protect user #privacy;

💥 Attackers exploiting critical Fortinet #FortiCloud flaw;

🇷🇺 🇵🇱 Russian government hackers likely tried to knock out parts of Poland’s power grid;

--

👉 NEVER MISS my curations and updates on information security and cybersecurity news and challenges 📨 Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

https://infosec-mashup.santolaria.net/p/infosec-mashup-04-2026

#LastPass warnt vor #Phishing-Kampagne | Security https://www.heise.de/news/LastPass-warnt-vor-Phishing-Kampagne-11150415.html #CyberCrime #SocialEngineering

#Phishing Campaign Zeroes in on #LastPass Customers. The bait incudes plausible subject lines and credible messages, most likely thanks to attackers' use of large language models to craft them.
https://www.darkreading.com/application-security/phishing-campaign-zeroes-lastpass-customers
#passwords #security

Is there some reason LastPass Enterprise only recognizes your Master Password for a limited amount of time and once that time has elapsed if you're somehow logged out it'll never recognize it again?

#lastpass

#LastPass #phishing attack: what you need to know

https://www.technewsro.blog/atac-de-phishing-lastpass-ce-trebuie-sa-stii/

🚨 LastPass phishing campaign uncovered
Fake “urgent backup” emails redirect users to malicious sites designed to steal master passwords — granting full vault access.
LastPass confirms it never requests this via email.

🔗 https://www.technadu.com/lastpass-backup-phishing-campaign-exposed-deceptive-requests-target-password-vaults/618892/

Thoughts on improving phishing resilience for password manager users?

#Infosec #Phishing #LastPass #CredentialTheft

Tja, wenn doch nur jemand davor gewarnt hätte…

…einen passwortmänätscher zu benutzen, der die datenbanken für die passwörter zentral im internetz speichert. Wenn die krypto gut genug ist, um angreifer abzuwehren, dann gibt es eben plumpe phishing-angriffe, auf die auch immer wieder leute reinfallen.

Nehmt einfach einen passwortmänätscher, bei dem ihr selbst wisst, wo die daten rumliegen und bei dem ihr niemals auch nur auf die idee kommt, das hauptpasswort irgendwo auf einer komischen webseit einzugeben. Klar, da muss man sich auch selbst um datensicherung und synkronisazjon zwischen verschiedenen geräten kümmern. Aber das ist nicht so schwierig. Datenzäpfchen und speicherkarten sind billig und einfach zu benutzen.

#LastPass #Passwort #Passwortmanager #Phishing #Security

I would hope I don’t need to let most people know, but…

Lastpass phishing - and this might be expensive for the unwary

Remember, following liks in emails can be dangerous - following links to shortened URLS is silly

https://www.theregister.com/2026/01/21/lastpass_backup_phishing_campaign/

#LastPass #Phishing #Security #IT

Fake #Lastpass emails pose as #password vault backup alerts

https://www.bleepingcomputer.com/news/security/fake-lastpass-emails-pose-as-password-vault-backup-alerts/

#cybersecurity #phishing #PasswordManager

LastPass alerta para novo ataque de phishing disfarçado de manutenção urgente
🔗 https://tugatech.com.pt/t77280-lastpass-alerta-para-novo-ataque-de-phishing-disfarcado-de-manutencao-urgente

#alerta #ataque #lastpass #phishing #urgente 

📢 Alerte: campagne de phishing imitant une maintenance LastPass demandant une sauvegarde sous 24 h
📝 Selon BleepingComputer, LastPass met en garde contre une nouvel...
📖 cyberveille : https://cyberveille.ch/posts/2026-01-21-alerte-campagne-de-phishing-imitant-une-maintenance-lastpass-demandant-une-sauvegarde-sous-24-h/
🌐 source : https://www.bleepingcomputer.com/news/security/fake-lastpass-emails-pose-as-password-vault-backup-alerts/
#LastPass #ingénierie_sociale #Cyberveille

New phishing attack targeting #LastPass customers. The phish is asking them to backup their vault before LastPass undergoes server maintenance.

https://blog.lastpass.com/posts/new-phishing-campaign-targeting-lastpass-customers

#passwords

@BleepingComputer Wouldn't it just be easier for hackers to assume that anyone idiotic enough to trust #lastpass for their password management needs uses "password" or "123456" for their master password?

Crooks impersonate #LastPass in campaign to harvest master passwords
https://securityaffairs.com/187145/cyber-crime/crooks-impersonate-lastpass-in-campaign-to-harvest-master-passwords.html
#securityaffairs #hacking #phishing

I just learnt that #1Password dunks in #LastPass if you migrate your vault

This is the first time a retrieve one of the secrets... and I was received with a big red square that reads:

> Imported from LastPass

> LastPass suffered a data breach in August 2022. Change your password to keep your account safe.

- Change password on website
- Ignore

Yeah, #lastpass forderte den Zugriff auf Web-Seiten Verlauf. Nun war der Moment gekommen - Wechsel: #keepassXC mit dem Vorteil, auch auf dem Handy. 10 € gehen auf jeden Fall jährlich an die Entwickler.

Jetzt wird das Add-On gelöscht.

PS: Ist es möglich zu einigen - welcher Tag gilt denn nun?

#dit #IDIT #di.day #DigitalIndependenceDay #diday #dut #DiDit #DUTgemacht #DID

@allpoints I don't think #LastPass should be trusted anymore, see https://en.wikipedia.org/wiki/LastPass#Security_Criticism for details.

I think #Bitwarden and/or #1Password are much better. Both have add-ons for Firefox.

Historic LastPass breach enabling cryptocurrency theft, investigation reveals

The data breach incident at LastPass, which happened more than three years ago, is still enabling cryptocurrency theft. Cybercriminals managed to steal approximately $35 million to date by cracking stolen LastPass vaults

#lastpass #passwordmanager #databreach #cryptocurrency #crypto #security #cybersecurity #hackers #hacking #hacked

https://www.techradar.com/pro/security/historic-lastpass-breach-enabling-cryptocurrency-theft-investigation-reveals

Just got a notice that the LastPass plug-in on Firefox wants to access more info than it needs just to supply a password. It could be innocuous but it feels like they've begun user tracking.

What are folks using for password management? preferably something with a Firefox/Waterfox plugin.

#Security #Firefox #Waterfox #LastPass