Dashlane password manager users locked out by brute force attacks
Multiple Dashlane users have been locked out of their accounts following brute-force attacks that attempted logins from distant locations and unknown devices. [...]
Password managers store and generate credentials, helping reduce password reuse while creating security risks if a vault or master key is compromised.
Search across headline titles and summaries.
Background for this topic.
Password managers are applications or services that generate, store, and fill credentials from an encrypted vault. Access typically depends on a master password, sometimes supplemented by multi-factor authentication (MFA); this lets each account use a long, unique secret without requiring users to memorize it. Some also store passkeys, recovery codes, or other sensitive notes, making the vault a high-value asset.
Security depends on both cryptography and surrounding software: a compromised desktop client, browser extension, synchronization service, or malicious update could expose secrets, while a weak master password or unsafe recovery process can undermine the vault. Origin-aware autofill can reduce phishing exposure, but users should verify login domains and avoid importing or sharing credentials unnecessarily. Practitioners should examine encryption and key handling, MFA and recovery controls, update history, breach disclosure, logging, and enterprise offboarding and credential-rotation features.
Weekly headline count for the current query.
Multiple Dashlane users have been locked out of their accounts following brute-force attacks that attempted logins from distant locations and unknown devices. [...]
The 1Password digital vault and password manager has added built-in protection against phishing URLs to help users identify malicious pages and prevent them from sharing account credentials with threat actors. [...]
The 1Password digital vault and password manager has added built-in protection against phishing URLs to help users identify malicious pages and prevent them from sharing account credentials with threat actors. [...]
An ongoing phishing campaign is targeting LastPass and Bitwarden users with fake emails claiming that the companies were hacked, urging them to download a supposedly more secure desktop version of the password manager. [...]
LastPass is warning users of a campaign that targets macOS users with malicious software impersonating popular products delivered through fraudulent GitHub repositories. [...]
Click Studios, the company behind the Passwordstate enterprise-grade password manager, has warned customers to patch a high-severity authentication bypass vulnerability as soon as possible. [...]
Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card details. [...]
Healthcare led all industries in 2024 breaches—over 275M patient records exposed, mostly via weak or stolen passwords. See how the self-hosted password manager by Passwork helps providers meet HIPAA requirements, protect ePHI, and keep care running. Try it free for 1 month. [...]
Threat actors have been distributing trojanized versions of the KeePass password manager for at least eight months to install Cobalt Strike beacons, steal credentials, and ultimately, deploy ransomware on the breached network. [...]
U.S. authorities have seized over $23 million in cryptocurrency linked to the theft of $150 million from a Ripple crypto wallet in January 2024. Investigators believe hackers who breached LastPass in 2022 were behind the attack. [...]
A newly devised "polymorphic" attack allows malicious Chrome extensions to morph into browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive information. [...]
Open-source password manager Bitwarden is adding an extra layer of security for accounts that are not protected by two-factor authentication, requiring email verification before allowing access to accounts. [...]
Fake Bitwarden password manager advertisements on Facebook are pushing a malicious Google Chrome extension that collects and steals sensitive user data from the browser. [...]
Google announced that starting today, passkeys added to Google Password Manager will automatically sync between Windows, macOS, Linux, Android, and ChromeOS devices for logged-in users. [...]
Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with coding test project for password management products that include malware. [...]
Mozilla Firefox finally allows you to further protect local access to stored credentials in the browser's password manager using your device's login, including a password, fingerprint, pin, or other biometrics [...]
Apple will reportedly unveil a standalone password manager named 'Passwords' as part of iOS 18, iPadOS 18, and macOS 15 during the upcoming Apple Worldwide Developers Conference. [...]
Bitwarden, the creator of the popular open-source password manager, has just launched a new authenticator app called Bitwarden Authenticator, which is available for iOS and Android devices. [...]
LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials. [...]
The open-source Bitwarden password manager has announced that all users can now log in to their web vaults using a passkey instead of the standard username and password pairs. [...]