LastPass and Bitwarden Users Targeted by Phishing Alerts
🔔 LastPass warns of an active phishing campaign using fake corporate-style security notices that redirect recipients to fraudulent landing pages impersonating DocuSign. The emails, claiming to announce policy updates, come from addresses like hello@lastpassnewsletter.com and lead to domains such as lastpasscompliance[.]com, which have been flagged as malicious. Bitwarden users have received similar messages from hello@bitwardennewsletter.com redirecting to bitwardencompliance[.]com. LastPass confirms its systems were not breached and urges users to never share their master password and to report suspicious messages to abuse@lastpass.com.
