Passwords
Fake LastPass support email threads try to steal vault passwords
Password management software provider LastPass is warning users of a phishing campaign targeting its users with fake unauthorized account access alerts. The emails impersonate a LastPass representative by spoofing the display name and use subject lines crafted to mimic forwarded internal conversations between attackers and the company’s customer support team about a request to change […]
ClawJacked attack let malicious websites hijack OpenClaw to steal data
Security researchers have disclosed a high-severity vulnerability dubbed “ClawJacked” in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally running instance and take control over it. Oasis Security discovered the issue and reported it to OpenClaw, with a fix being released in version 2026.2.26 on February 26. OpenClaw […]
Microsoft fixes bug causing password sign-in option to disappear
Microsoft has fixed a known issue that was causing the password sign-in option to disappear from the lock screen options after installing Windows 11 updates released since August 2025. The password icon appears on the lock screen only if multiple sign-in options (e.g., PIN, password, security key, fingerprint) are available. However, if you use only […]
Fake Lastpass emails pose as password vault backup alerts
LastPass is warning of a new phishing campaign disguised as a maintenance notification from the service, asking users to back up their vaults in the next 24 hours. The malicious emails include a link that allegedly takes users to a site where they can create an encrypted backup, where the attacker likely tries to hijack accounts or […]
Microsoft: Windows updates make password login option invisible
Microsoft warned users that Windows 11 updates released since August may cause the password sign-in option to disappear from the lock screen options, even though the button remains functional. On Windows 11, the password icon appears only if multiple sign-in options (e.g., PIN, security key, password, fingerprint) are available. If you only use a password, […]
Broadcom fixes high-severity VMware NSX bugs reported by NSA
Broadcom has released security updates to patch two high-severity VMware NSX vulnerabilities reported by the U.S. National Security Agency (NSA). VMware NSX is a networking virtualization solution within VMware Cloud Foundation that enables administrators to deploy traditional and modern applications in private/hybrid clouds. The first security flaw reported by the NSA, tracked as CVE-2025-41251, is due […]
PyPI urges users to reset credentials after new phishing attacks
The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default source for Python’s package management tools, hosting hundreds of thousands of packages and providing developers with a centralized platform to distribute third-party software […]
No, Google did not warn 2.5 billion Gmail users to reset passwords
Google has disputed a widely reported story about the company warning all Gmail users to reset their passwords due to a recent data breach that also affected some Workspace accounts. This claim was covered by numerous news outlets, as well as cybersecurity firms, which published stories about the so-called “urgent warning” asking 2.5 billion Gmail users worldwide to […]
Microsoft Edge now offers secure password deployment for businesses
Microsoft announced that a new Edge feature allowing employees to share passwords more securely in enterprise environments has reached general availability. Known as secure password deployment, this feature will be available to Microsoft Edge for Business users starting this week, minimizing the risk of unauthorized access by ensuring that employees don’t accidentally share passwords with […]
Microsoft Authenticator now warns to export passwords before July cutoff
The Microsoft Authenticator app is now issuing notifications warning that the password autofill feature is being deprecated in July, suggesting users move to Microsoft Edge instead. Microsoft Authenticator is a free mobile authenticator app that provides secure sign-in for mobile accounts using multi-factor authentication (MFA) methods like time-based one-time passwords (TOTPs), push notifications, biometrics-based confirmations, and […]