Crooks impersonate LastPass in campaign to harvest master passwords

Pierluigi Paganini January 21, 2026

Password manager LastPass warns of an active phishing campaign impersonating the service to steal users’ master passwords.

LastPass warned users about an active phishing campaign that began around January 19, 2026. Attackers impersonate the service with emails claiming urgent maintenance and urge users to back up their password vaults within 24 hours.

The messages use subject lines referencing infrastructure updates, vault security, and missed deadlines to trick victims into revealing their master passwords.

“LastPass Threat Intelligence, Mitigation, and Escalation (TIME) team would like to alert our customers to an active phishing campaign that began on or around January 19, 2026,” reads the alert. “These phishing emails are being sent from several email addresses with various subject lines claiming that LastPass is about to conduct maintenance and urging users to back up their vaults in the next 24 hours. The known list of email addresses and subject lines can be found below.”

The phishing emails carry links that purport to help users back up their LastPass vaults. The links lead to a phishing page hosted on Amazon S3 (“group-content-gen2.s3.eu-west-3.amazonaws[.]com/5yaVgx51ZzGf”) that redirects to a lookalike LastPass site (“mail-lastpass[.]com”). The campaign was launched over a US holiday weekend, timing chosen to exploit reduced staffing and delay detection and response.

LastPass reminds users that it will never ask for their master password and urges caution with emails of this kind. The company is working to take down the malicious domain, asks users to report suspicious messages to [email protected], and has shared indicators of compromise, including the fake domains, IP addresses, sender addresses, and phishing email subject lines.
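The two indicators quoted above (the S3 object URL and the lookalike domain) and the subject-line themes the advisory describes are enough to build a first-pass triage check for a mail-gateway export. The script below is an added example, not LastPass's or the author's code: the indicators are the two published on this page, kept in their defanged form; the lure keyword list, the legitimate-domain allowlist, the sample messages and the "two keyword hits" threshold are constructed assumptions for illustration. The `.amazonaws.com` check is deliberately coarse and will flag legitimate S3 links too, which is the point of a triage heuristic rather than a blocklist.

```python
"""Triage helper for LastPass-themed phishing mail (added example, not LastPass code)."""
from __future__ import annotations

import re
from urllib.parse import urlparse

# Indicators as published in the advisory quoted on the page, kept defanged.
DEFANGED_IOCS = [
    "group-content-gen2.s3.eu-west-3.amazonaws[.]com/5yaVgx51ZzGf",
    "mail-lastpass[.]com",
]

# Assumed lure vocabulary, drawn from the advisory's description of the subject lines.
LURE_KEYWORDS = ("maintenance", "back up", "backup", "24 hours",
                 "infrastructure", "vault", "deadline")

# Assumed allowlist of the brand's legitimate registrable domains.
LEGIT_DOMAINS = {"lastpass.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def refang(value: str) -> str:
    """Turn a defanged indicator ('example[.]com', 'hxxp://') back into a usable string."""
    return value.replace("[.]", ".").replace("hxxp", "http")


IOC_HOSTS = {refang(i).split("/")[0].lower() for i in DEFANGED_IOCS}
IOC_URLS = {refang(i).lower() for i in DEFANGED_IOCS if "/" in i}


def registrable(host: str) -> str:
    """Crude registrable-domain guess (last two labels). Adequate for .com;
    a production check should consult the public suffix list."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_lookalike(host: str, brand: str = "lastpass") -> bool:
    """True when the host name mentions the brand but is not a legitimate domain."""
    return brand in host.lower() and registrable(host) not in LEGIT_DOMAINS


def classify_url(url: str) -> list[str]:
    """Return the reasons a single link is suspicious (empty list if none)."""
    reasons: list[str] = []
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host in IOC_HOSTS:
        reasons.append(f"host matches published IOC: {host}")
    if (host + parsed.path).lower() in IOC_URLS:
        reasons.append("full URL matches published IOC")
    if is_lookalike(host):
        reasons.append(f"brand lookalike domain: {host}")
    # Heuristic: a password-manager notice linking to an arbitrary S3 object is odd.
    if host.endswith(".amazonaws.com") and ".s3." in host:
        reasons.append("link points at an S3-hosted object")
    return reasons


def triage_email(subject: str, body: str) -> dict:
    """Score one message: lure vocabulary in the subject plus every link in the body."""
    reasons: list[str] = []
    hits = [k for k in LURE_KEYWORDS if k in subject.lower()]
    if len(hits) >= 2:  # assumed threshold: one keyword alone is too noisy
        reasons.append(f"subject uses lure vocabulary: {hits}")
    urls = [u.rstrip(".,;)") for u in URL_RE.findall(body)]
    for u in urls:
        reasons.extend(classify_url(u))
    return {"urls": urls, "reasons": reasons, "verdict": "phish" if reasons else "clean"}


# Constructed sample messages (not real captures): one lure, one benign notice, one landing page.
SAMPLE_MESSAGES = [
    {"subject": "Urgent: LastPass infrastructure update - back up your vault within 24 hours",
     "body": "Scheduled maintenance starts soon. Back up now: "
             "https://group-content-gen2.s3.eu-west-3.amazonaws.com/5yaVgx51ZzGf."},
    {"subject": "Your LastPass monthly summary",
     "body": "See your activity at https://www.lastpass.com/ and stay safe."},
    {"subject": "Missed deadline: vault backup required",
     "body": "Sign in to continue: https://mail-lastpass.com/login"},
]


def run_samples() -> list[str]:
    """Verdict for each constructed sample, in order."""
    return [triage_email(m["subject"], m["body"])["verdict"] for m in SAMPLE_MESSAGES]


if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        r = triage_email(m["subject"], m["body"])
        print(r["verdict"].upper(), m["subject"])
        for reason in r["reasons"]:
            print("   -", reason)
```

Run it over a CSV or mbox export by feeding each message's subject and body to `triage_email`; the returned `reasons` list is what an analyst needs to confirm a hit, and the IOC sets can be extended with the sender addresses and IP addresses the advisory publishes.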

“The timing of the campaign, which fell over a holiday weekend in the United States, is a common tactic among threat actors seeking to take advantage of reduced staffing under the assumption it will postpone detection and draw out response time.” concludes the report.

In December 2025, blockchain intelligence firm TRM Labs warned that the encrypted vault backups stolen in the 2022 LastPass breach are still being cracked offline where users chose weak master passwords, enabling cryptocurrency theft as late as 2025.

Earlier in December, the U.K. Information Commissioner's Office (ICO) fined the password manager £1.2m ($1.6m) for inadequate security measures that failed to prevent the breach.
