12 Jul, 2026

New Apple feature automatically changes your compromised passwords

At WWDC 2026, Apple announced an Apple Intelligence-powered feature that can automatically fix weak and compromised passwords. Right now, Safari and the built-in Apple Passwords app can automatically flag weak, duplicate, or compromised passwords. For example, if you enter a password when you’re creating an account, Apple will warn you if it detects the password […]

2 mins read

Microsoft backpedals: Edge to stop loading passwords into memory

Microsoft is updating the Edge web browser to ensure it no longer loads saved passwords into process memory in clear text at startup after previously stating it was “by design.” This behavior was disclosed on May 4 by security researcher Tom Jøran Sønstebyseter Rønning, who demonstrated that all credentials stored in the Edge built-in password manager were […]

2 mins read

Fake LastPass support email threads try to steal vault passwords

Password management software provider LastPass is warning users of a phishing campaign targeting its users with fake unauthorized account access alerts. The emails impersonate a LastPass representative by spoofing the display name and use subject lines crafted to mimic forwarded internal conversations between attackers and the company’s customer support team about a request to change […]

2 mins read

ClawJacked attack let malicious websites hijack OpenClaw to steal data

Security researchers have disclosed a high-severity vulnerability dubbed “ClawJacked” in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally running instance and take control over it. Oasis Security discovered the issue and reported it to OpenClaw, with a fix being released in version 2026.2.26 on February 26. OpenClaw […]

3 mins read

Fake Lastpass emails pose as password vault backup alerts

LastPass is warning of a new phishing campaign disguised as a maintenance notification from the service, asking users to back up their vaults in the next 24 hours. The malicious emails include a link that allegedly takes users to a site where they can create an encrypted backup, where the attacker likely tries to hijack accounts or […]

2 mins read

Broadcom fixes high-severity VMware NSX bugs reported by NSA

Broadcom has released security updates to patch two high-severity VMware NSX vulnerabilities reported by the U.S. National Security Agency (NSA). VMware NSX is a networking virtualization solution within VMware Cloud Foundation that enables administrators to deploy traditional and modern applications in private/hybrid clouds. The first security flaw reported by the NSA, tracked as CVE-2025-41251, is due […]

2 mins read

PyPI urges users to reset credentials after new phishing attacks

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default source for Python’s package management tools, hosting hundreds of thousands of packages and providing developers with a centralized platform to distribute third-party software […]

2 mins read

No, Google did not warn 2.5 billion Gmail users to reset passwords

Google has disputed a widely reported story about the company warning all Gmail users to reset their passwords due to a recent data breach that also affected some Workspace accounts. This claim was covered by numerous news outlets, as well as cybersecurity firms, which published stories about the so-called “urgent warning” asking 2.5 billion Gmail users worldwide to […]

2 mins read