A phishing campaign is currently targeting LastPass users, using well-crafted emails that often mimic legitimate messages. Attackers aim to trick users into revealing their login credentials, potentially compromising their entire password vault.

Scammers are targeting LastPass users by sending deceptive messages claiming that the users are deceased in an attempt to extract their login credentials. These phishing attempts exploit users' emotions and trust to gain unauthorized access to their accounts. Users are advised to remain vigilant and report any suspicious communications.

The Python Software Foundation has issued a warning about new phishing attacks targeting PyPI users, urging them to reset their credentials after receiving fake emails from a fraudulent site. Victims are being misled into verifying their email for account maintenance, which could lead to credential theft and subsequent malware attacks on published packages. Users are advised to change passwords immediately and implement stronger security measures like two-factor authentication.

A phishing kit called CoGUI has sent over 580 million emails aimed at stealing credentials and payment data, primarily targeting Japan, but also affecting other countries like the US and Canada. The campaign peaked in January 2025 with 170 campaigns targeting millions of users, and it has been linked to threat actors from China. Researchers warn that the kit's adoption could expand its reach to other cybercriminals and regions.