Phishing Campaign Targets LastPass and Bitwarden Users with Fake Alerts

Phishing Campaign Targets LastPass and Bitwarden Users with Fake Alerts

First seen 14 Jul 2026, 17:57 UTC BleepingcomputerFeeds.4Sysops 83% similarity 51.9

Article Content

Browse articles
ThreatCluster

A phishing campaign is targeting LastPass and Bitwarden users through fraudulent emails that mimic legitimate security notifications. These emails, sent from spoofed domains like lastpassnewsletter.com, claim to inform users of changes to security policies and prompt them to click on links leading to malicious websites. The fake sites impersonate DocuSign and aim to trick users into downloading harmful files. LastPass confirmed that their systems were not compromised, and the phishing emails did not originate from their infrastructure. Users are advised to change their master passwords if they entered credentials on these phishing sites. Similar phishing attempts were reported earlier in the year, indicating a persistent threat to users of these services. The malicious websites have since been taken offline, but the campaign remains a significant concern.

Key Points: • Phishing emails impersonate LastPass and Bitwarden, using spoofed domains. • Users are directed to malicious sites mimicking DocuSign to download harmful files. • LastPass confirms no compromise of their systems; users advised to change passwords.

ThreatCluster AI

Timeline

2026-07-14
Phishing campaign targeting LastPass and Bitwarden users reported
Fraudulent emails sent from spoofed domains inform users of fake security policy changes, leading to malicious sites.
BleepingComputer
2026-07-14
LastPass confirms no system compromise
LastPass states that the phishing emails did not originate from their infrastructure, ensuring user data remains secure.
Feeds.4Sysops

Community

Browse all →