[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fvqb7bcmQ6vu6xWYDWiWWkIAfqYniDk7nmSPuwq9S7Dc":3},{"article":4,"iocs":46},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":30,"category":31,"article_tags":35},"7f5bb8b4-4cf0-49d0-b2d4-d8dc6a32164f","LastPass, Bitwarden users targeted with fake security alerts","lastpass-bitwarden-users-targeted-with-fake-security-alerts-56c6f5","LastPass is warning users about an ongoing phishing campaign that is using fake security notices to direct them to fraudulent websites. [...]","LastPass and Bitwarden are warning users about an ongoing phishing campaign using fraudulent security notices to direct victims to fake DocuSign landing pages. The emails, sent from spoofed domains (lastpassnewsletter.com and bitwardennewsletter.com), claim policy updates and direct users to malicious sites (lastpasscompliance[.]com and bitwardencompliance[.]com) that prompt downloads of potentially malicious files. Both companies confirm their systems were not compromised and urge users to never share master passwords and to report suspicious communications.","LastPass and Bitwarden users targeted with fake security alerts via phishing emails redirecting to malicious compliance","LastPass, Bitwarden users targeted with fake security alerts By Bill Toulas July 14, 2026 11:31 AM 0 LastPass is warning users about an ongoing phishing campaign that is using fake security notices to direct them to fraudulent websites. The phishing emails are crafted to resemble legitimate corporate communications, notifying recipients of updated security policies and directing them to a landing page that impersonates DocuSign and claiming to provide a document for review. LastPass emphasizes that its systems have not been compromised and that the phishing emails did not originate from its infrastructure, despite the attackers using domains designed to appear as legitimate company services. The emails sent from ‘hello@lastpassnewsletter.com’ notify the user of alleged service policy changes in LastPass, including enhanced SaaS monitoring, master password reset options for administrators, and admin console improvements. Malicious emailSource: BleepingComputer Clicking on the ‘Review & Access Terms’ button embedded in the email takes users to a website impersonating the DocuSign service widely used for sending, signing, and managing documents electronically. However, the domain used is lastpasscompliance[.]com, which has been flagged as malicious by Microsoft Defender for Office 365 and Cloudflare. Fake DocuSign websiteSource: LastPass Although LastPass could not confirm the goal of the campaign, the company says that the fake site prompts the user to download a file claiming to support both Windows and macOS. The site offers live support through a chat box, but it is unclear if it is functional. At the time of writing, the malicious website has been taken offline. BleepingComputer has found that Bitwarden users are targeted by similar emails sent from 'hello@bitwardennewsletter.com' and redirecting them to bitwardencompliance[.]com. Email targeting Bitwarden usersSource: BleepingComputer In March, LastPass warned about fake unauthorized account access alerts impersonating the password service, targeting users with fabricated communication threads designed to increase urgency and lead to data exposure. Earlier, in January, LastPass users were targeted by fake alerts claiming they needed to back up their vaults within 24 hours, allegedly due to upcoming system maintenance. LastPass has cautioned users that it will never ask users for the master password and asked them to report any suspicious communications to abuse@lastpass.com. Users who entered credentials on phishing sites are advised to change their master passwords immediately from a trusted device and review their vaults for suspicious activity. Test every layer before attackers do Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection. Get the whitepaper Related Articles: UK fines LastPass over 2022 data breach impacting 1.6 million usersFake IT support calls on Microsoft Teams push EtherRAT malwareNew phishing kits target Microsoft 365 accounts, evade MFABluekit phishing kit adopts browser-in-the-middle for login theftNew Helix vishing group emerges in SharePoint data theft attacks","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Flastpass-bitwarden-users-targeted-with-fake-security-alerts\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2026\u002F06\u002F23\u002Flastpass.jpg","2026-07-14T15:31:52+00:00","2026-07-14T16:00:12.916503+00:00",8,[18,21,23,25,28],{"name":19,"type":20},"LastPass","product",{"name":22,"type":20},"Bitwarden",{"name":24,"type":20},"DocuSign",{"name":26,"type":27},"Microsoft","vendor",{"name":29,"type":27},"Cloudflare","2c8f44d4-b56e-47cf-9677-04f22c9ee78d",{"id":30,"icon":32,"name":33,"slug":34},null,"Identity & Access","identity-access",[36,41],{"category":37},{"id":38,"icon":32,"name":39,"slug":40},"89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5","Malware","malware",{"category":42},{"id":43,"icon":32,"name":44,"slug":45},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[47,51,54,58],{"type":48,"value":49,"context":50},"domain","lastpasscompliance[.]com","Malicious domain impersonating DocuSign, flagged by Microsoft Defender and Cloudflare",{"type":48,"value":52,"context":53},"bitwardencompliance[.]com","Malicious domain targeting Bitwarden users, similar phishing campaign",{"type":55,"value":56,"context":57},"email","hello@lastpassnewsletter.com","Spoofed email address used in phishing campaign impersonating LastPass",{"type":55,"value":59,"context":60},"hello@bitwardennewsletter.com","Spoofed email address used in phishing campaign impersonating Bitwarden"]