Warning! Fake Emails Impersonating “LastPass” and “Bitwarden” Claim Hacks to Trick Users into Installing Malware


408/68 Friday, October 17, 2025

Users of popular password managers LastPass and Bitwarden are being targeted in a new phishing campaign, where attackers send fake security alert emails claiming that the companies have been hacked. The emails urge recipients to immediately download a supposedly “more secure desktop version” of the software to protect their data. In reality, the download is Syncro, a Remote Monitoring and Management (RMM) tool, which is then used to install ScreenConnect, giving attackers full remote access and control over victims’ computers.

LastPass has officially confirmed that the company has not been hacked and that these messages are purely a social engineering scam. The fake emails are crafted convincingly, referencing alleged vulnerabilities in older .exe installers to add credibility and urgency. Attackers are sending the messages from lookalike domains such as ‘hello@lastpasspulse[.]blog’ and ‘hello@bitwardenbroadcast[.]blog’, with the campaign deliberately launched during long holiday periods to exploit reduced security staffing and slower detection.
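The lookalike sender domains above are the most mechanical thing a mail gateway or SOC can check. The following is an added example (not from the original article or from either vendor) that classifies sender addresses as official, brand lookalike, or unrelated; the official domains `lastpass.com` and `bitwarden.com` are assumed here and should be confirmed against each provider's own documentation before use.

```python
import re

# Assumed official sender domains for the two brands named in the article.
# Verify against each provider's documentation before relying on this list.
OFFICIAL_DOMAINS = {
    "lastpass": {"lastpass.com"},
    "bitwarden": {"bitwarden.com"},
}

# Constructed sample set: the two defanged lookalike senders quoted in the
# article plus one assumed-legitimate and one unrelated address for contrast.
SAMPLE_SENDERS = [
    "hello@lastpasspulse[.]blog",
    "hello@bitwardenbroadcast[.]blog",
    "support@lastpass.com",
    "newsletter@example.org",
]


def refang(address: str) -> str:
    """Undo common indicator defanging such as '[.]' and '(dot)'."""
    return address.replace("[.]", ".").replace("(dot)", ".")


def sender_domain(address: str) -> str:
    """Return the lowercase domain part of an email address."""
    match = re.search(r"@([A-Za-z0-9.-]+)$", refang(address).strip())
    if not match:
        raise ValueError(f"not an email address: {address!r}")
    return match.group(1).lower()


def classify_sender(address: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for one sender address.

    A 'lookalike' is a domain that embeds a protected brand name but is not that
    brand's official domain or a subdomain of it (e.g. lastpasspulse.blog)."""
    domain = sender_domain(address)
    for brand, official in OFFICIAL_DOMAINS.items():
        if domain in official or any(domain.endswith("." + d) for d in official):
            return "official"
        if brand in domain:
            return "lookalike"
    return "unrelated"


def triage(senders):
    """Map each sender address to its verdict."""
    return {s: classify_sender(s) for s in senders}


if __name__ == "__main__":
    for sender, verdict in triage(SAMPLE_SENDERS).items():
        print(f"{verdict:10} {sender}")
```

A lookalike verdict is a triage signal, not proof of malice; pair it with the message content (breach claims, urgent download links) before acting.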

Cybersecurity experts warn all password manager users to exercise extreme caution with alarming security notifications of this kind. Similar campaigns have previously targeted 1Password users with comparable tactics. The best defense is to never click links or download attachments from suspicious emails. When in doubt, verify any alerts through the provider’s official website or blog. And remember: legitimate password manager providers will never request your Master Password via email.

Source: https://www.bleepingcomputer.com/news/security/fake-lastpass-bitwarden-breach-alerts-lead-to-pc-hijacks/