<div class="OutlineElement Ltr SCXW123377749 BCX0" style="color: #000000; background-color: #ffffff; margin: 0px; padding: 0px;">
<h2 class="p1" style="color: #0f374e; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;">Risk has evolved, and we have too</h2>
As the pioneer of credential management, LastPass has always set the standard for protecting logins, users, and data. But as today&rsquo;s workforce has evolved, the challenge has too. SaaS and AI tools are fueling productivity like never before, empowering employees to move faster, automate more, and innovate on their own&mdash;but that innovation comes with a hidden cost. Every new app spun up without IT approval adds blind spots, credential risk, and compliance exposure that most businesses&nbsp;don&rsquo;t&nbsp;even realize exist. What starts as innovation quickly turns into risk.
&nbsp;
For small and midsized businesses (SMBs) and managed service providers (MSPs) specifically, this is an ever-growing nightmare. The legacy tools designed to fix it, like enterprise-grade SSPMs, CASBs, and sprawling IAM suites, are too complicated, too expensive, and too noisy for lean IT teams who just need clear, actionable insight into their SaaS risk landscape. They&nbsp;don&rsquo;t&nbsp;have time to wrestle with integrations or decipher endless dashboards. They need simple visibility and control that works from a browser extension they already know and trust, without another deployment project or six-figure license.
&nbsp;
And while some password management vendors are trying to catch up by&nbsp;acquiring&nbsp;new technologies&nbsp;or rebranding piecemeal add-ons, the result is predictable: a patchwork of disconnected tools, inconsistent interfaces, and separate price tags that make the user experience more complex&mdash;not more secure.
<h2 class="p1" style="color: #0f374e; margin: 0px;">Visibility, control, and peace of mind&nbsp;</h2>
At LastPass, we took a different approach. We built secure access from the ground&nbsp;up,&nbsp; combining&nbsp;visibility, control, and protection in one unified plan that scales seamlessly across departments and clients: Business Max.
&nbsp;
Business Max is our most advanced plan, built to give SMBs and MSPs enterprise-grade access control without&nbsp;the enterprise-grade complexity. It combines everything organizations need to secure today&rsquo;s SaaS-driven workplace in one, cost-effective package:
<ul class="ul1" style="color: #000000;">
 <li class="li2" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Credential Management &ndash; to standardize how employees create, store, and share credentials securely across the business</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li2" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">SaaS Monitoring &ndash; to uncover hidden and risky applications employees are using</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li2" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">SaaS Protect &ndash; to&nbsp;take action&nbsp;on that visibility by setting usage rules, blocking unapproved tools, and enforcing policies in real time</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li2" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Advanced SSO and MFA &ndash; to unify access across every app and login, extending protection beyond passwords</li>
</ul>
<h2 class="p1" style="color: #0f374e; margin: 0px;">Who is Business Max for?</h2>
Business Max was purpose-built for lean IT teams who&nbsp;don&rsquo;t&nbsp;have hours to manage multiple consoles or deploy heavyweight tools. Whether&nbsp;you&rsquo;re&nbsp;securing your own workforce or supporting multiple client environments, it delivers a single,&nbsp;simple way&nbsp;to see, control, and protect every app in use without new agents, extra complexity, or separate licenses.
&nbsp;
And the traction speaks for itself: in just six months,&nbsp;nearly 5,000&nbsp;organizations have&nbsp;purchased&nbsp;or expanded into Business Max. That momentum reflects a growing realization among small and midsized businesses and MSPs alike that secure access&nbsp;doesn&rsquo;t&nbsp;have to be complicated to be powerful.&nbsp;
&nbsp;
&ldquo;Growing demand is developing for tools that address both traditional credential management and emerging risks like shadow IT. LastPass&rsquo;s recent roadmap execution shows meaningful progress in that direction.&rdquo; &mdash; Carlos E. Rivera, Info-Tech Research Group&nbsp;
&nbsp;
And that progress is already being felt in the field, too. SMBs like&nbsp;<a href="https://www.lastpass.com//-/media/4adc006cd69e4863bf1b7919676735ca.pdf">Axxor</a>, a global manufacturer with a lean IT team, are using Business Max to balance innovation and control.&nbsp;
&nbsp;
&ldquo;People are experimenting with AI tools&hellip; We&nbsp;don&rsquo;t&nbsp;want to block innovation, but we do want to guide it safely. LastPass is smart, secure, and it just works.&rdquo; &mdash; Wout&nbsp;Zwiep, Process Engineer,&nbsp;Axxor
<h2 class="p1" style="color: #0f374e; margin: 0px;">New SaaS Protect features released today&nbsp;</h2>
The response to Business Max has made one thing clear: organizations are done with over-engineered security. They want unified visibility and control that work, delivered in a browser extension they already trust. That validation drives us to keep raising the bar&mdash; and today,&nbsp;we&rsquo;re&nbsp;doing just that with our newest release of SaaS Protect. This release includes expanded app visibility, enhanced alerting, and&nbsp;additional&nbsp;customization options to extend and reinforce protection for every&nbsp;team&nbsp;leveraging&nbsp;Business Max.&nbsp;
<h3 class="p1" style="color: #0f374e; margin: 0px;">Key features</h3>
Bird&rsquo;s Eye View of All SaaS Usage Rules: With a new SaaS Protect dashboard, you can now see all applications and usage rules&nbsp;at a glance&nbsp;&mdash; creating a true single-pane-of-glass view of what applications are allowed, restricted, or blocked across your organization.&nbsp;
What this means for admins: a faster, clearer way to assess SaaS risk, enforce policies, and&nbsp;take action, without navigating between dashboards.&nbsp;
<img src="https://cdn.lputil.com/-/media/1081e63a1f5948ecba5c799246216463.png" >
Proactive Control with Custom App Additions:&nbsp;You can now add custom or organization-specific applications to the LastPass catalog, enabling you to define usage rules and policies before those apps are even discovered by SaaS Monitoring.
What this means for admins: the ability to take a proactive approach to SaaS access governance &mdash; setting expectations and controls early to prevent risky usage before it starts.
<img src="https://cdn.lputil.com/-/media/658a4e2f4f0a42d0ac8d56a493a2f67c.png" >
Smarter Alerts for Credential and Access Risk:&nbsp;New, enhanced alert types automatically detect and flag breached credentials and expired passwords &mdash; helping you strengthen security posture in real time.
What this means for admins: immediate visibility into risky credential behavior, so they can respond quickly, reduce exposure, and&nbsp;maintain&nbsp;compliance without manual investigation.
<img src="https://cdn.lputil.com/-/media/5393a1a7b95e48599255594c3fa41dc4.png" >
Clearer Communication with Rule Prompt Previews:&nbsp;Before rolling out new usage rules, you can now preview the exact message employees will see &mdash; and adjust language to improve clarity and reduce confusion.
What this means for admins: smoother rollouts, better user understanding, and higher policy adoption rates &mdash; all without friction or disruption.
<img src="https://cdn.lputil.com/-/media/d78d46da7f3344d6aeada34f88d29c5a.png" >
Want&nbsp;to see these features in action? Watch a demo below.
<iframe width="560" height="315" src="https://www.youtube.com/embed/zgWB4ck3Yq4?si=oawPeUilsNpGSl9e" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin"></iframe>
<h2 class="p5" style="color: #0f374e; margin: 0px 0px 13px;">Secure access that matters right now</h2>
For SMBs and MSPs, the stakes have never been higher. SaaS adoption is surging faster than security teams can keep up, and every unmonitored login widens the attack surface. As Forrester echoes, &ldquo;More than half of IT leaders say SaaS growth is outpacing their ability to secure it&rdquo; &mdash; and the&nbsp;financial impact&nbsp;can be&nbsp;staggering.&nbsp;
Organizations without centralized control over their SaaS environment are five times more likely to experience data loss or a cyber incident, which can cost up to $1 million dollars for SMBs depending on scope and severity. For many organizations,&nbsp;that&rsquo;s&nbsp;not just a&nbsp;setback,&nbsp;it&rsquo;s&nbsp;an existential threat.
That&rsquo;s&nbsp;why Business Max was built with SMBs and MSPs in mind.&nbsp;It&rsquo;s&nbsp;actionable control without enterprise-grade complexity. No new agents or software to install, no long rollouts, and no new systems to learn. You can uncover hidden SaaS apps, set usage rules, and enforce safer access in minutes, not weeks &mdash; turning visibility into action from day one.&nbsp;
Given the current threat landscape, waiting&nbsp;isn&rsquo;t&nbsp;an option; and with LastPass Business Max, you&nbsp;don&rsquo;t&nbsp;have to.
<h3 class="p5" style="color: #0f374e; margin: 0px 0px 13px;">Learn More</h3>
New to Business Max? Check out our webpage to learn more and deep dive into its features:&nbsp;<a href="https://www.lastpass.com/products/business-max">https://www.lastpass.com/products/business-max</a>
<div class="OutlineElement Ltr SCXW265932653 BCX0" style="color: #000000; background-color: #ffffff; margin: 0px; padding: 0px;">
<p class="Paragraph SCXW265932653 BCX0" paraid="1552441698" paraeid="{84b5aea2-1fa0-460b-b82a-e90901488fca}{5}" style="color: windowtext; background-color: transparent; margin-right: 0px; margin-left: 0px; padding: 0px;">Sources:
<ul class="ul1" style="color: #000000;">
 <li class="li1" style="color: #386573; margin: 0px;"><a href="https://www.forrester.com/report/data-overview-technology-landscapes-continue-to-grow-with-saas/RES182400?utm_source=chatgpt.com">https://www.forrester.com/report/data-overview-technology-landscapes-continue-to-grow-with-saas/</a></li>
 <li class="li1" style="color: #386573; margin: 0px;"><a href="https://www.block64.com/blog/the-hidden-costs-of-saas-sprawl-why-its-happening-and-how-bad-its-getting">https://www.block64.com/blog/the-hidden-costs-of-saas-sprawl-why-its-happening-and-how-bad-its-getting</a></li>
 <li class="li1" style="color: #386573; margin: 0px;"><a href="https://bigid.com/blog/a-cost-comparison-of-data-breaches/">https://bigid.com/blog/a-cost-comparison-of-data-breaches/</a></li>
</ul>
</div>
<div class="ListContainerWrapper SCXW265932653 BCX0" style="color: #000000; background-color: #ffffff; margin: 0px; padding: 0px;">
<p aria-setsize="-1" data-leveltext="" data-font="Symbol" data-list-defn-props="{'335552541':1,'335559685':720,'335559991':360,'469769226':'Symbol','469769242':[8226],'469777803':'left','469777804':'','469777815':'hybridMultilevel'}" data-aria-posinset="3" data-aria-level="1" role="listitem" class="OutlineElement Ltr SCXW265932653 BCX0" style="margin: 0px; padding: 0px;">

</div>
<p aria-setsize="-1" data-leveltext="" data-font="Symbol" data-list-defn-props="{'335552541':1,'335559683':0,'335559684':-2,'335559685':720,'335559991':360,'469769226':'Symbol','469769242':[8226],'469777803':'left','469777804':'','469777815':'hybridMultilevel'}" data-aria-posinset="3" data-aria-level="1" role="listitem" class="OutlineElement Ltr SCXW69013620 BCX0" style="margin: 0px; padding: 0px;">

</div>

LastPass Launches New SaaS Protect Features to Enhance Secure Access Controls Over Unapproved Apps

Business Max is our most advanced plan, built to give SMBs and MSPs enterprise-grade access control without the enterprise-grade complexity.

Get LastPass Free

Create and store secure passwords for yourself, your team or business.

Why LastPass?

Remember fewer passwords and log in faster with our browser extension.

How LastPass works

LastPass zero-knowledge security model keeps your data private even from us.

Security Architecture

Compare LastPass competitors, plans, and features in one place

Compare LastPass

Overview

Password management

Save and autofill

Password generator

Password sharing

Passkeys

Dark web monitoring

Security dashboard

Key Features

Free LastPass Premium trial, no credit card required.

Free LastPass Business trial, no credit card required.

Let our experts help you find the right plan and successfully deploy LastPass.

Sync passwords across all devices, monitor password health, data breaches and much more.

Personal

Premium password management for family or group of 6 people.

Families

Personal Plans

Password vault

Save & autofill

Automatic device sync

Emergency access

Personal password sharing

FOR INDIVIDUALS

30-day free LastPass Premium trial, no credit card required.

30-day free LastPass Families trial, no credit card required.

Limited to 1 device type and basic password management features.

Designed for businesses of all sizes, from small startups to enterprises.

Business

Simplify secure access straight from the browser with more admin control.

Business Max

For single teams just getting started with password management.

Teams

Designed to keep your clients' credentials protected and private.

Business Plans

User management

SaaS Monitoring

SaaS Protect

Business sharing

Multifactor Authentication

Integrations

Single Sign-on

Identity management

For admins

Marketing teams

Legal teams

HR teams

Business leaders

IT admins

Solutions by role

Case studies

Webinars

Product demos

Events

Trust Center

Compliance Center

Security architecture

LastPass University

Resource Center

Pricing

Join the LastPass Partner Program to provide even more value to your customers.

Partner program overview

Managed Service Providers

Resellers

Cloud marketplaces

Technology Alliance Partners

LastPass Partner Program

Grow new revenue streams by meeting customer's security needs.

Looking for help or interested in becoming a LastPass partner? Get in touch with our partner team.

Connect with trusted LastPass Partners to support your security needs.

Partners

Self-service library of resources and guides for all LastPass products.

Support Center

Community forum

System status

Help

Personal support for all LastPass’ subscribed customers.

Support

Get LastPass free

Submit sales inquiry

Chat with sales

Request a demo

Find a partner

Contact sales

Log in

In a year defined by rapid SaaS adoption, AI‑driven workflows, and increasingly distributed teams, secure access has never been more essential.&nbsp;That&rsquo;s&nbsp;why&nbsp;we&rsquo;re&nbsp;proud to share that LastPass has been named one of the&nbsp;top software products of 2026&nbsp;in the&nbsp;G2 Best Software Awards.&nbsp;
G2&rsquo;s annual awards evaluate thousands of products across every software category. To qualify, each solution must earn a significant volume of&nbsp;recent,&nbsp;verified&nbsp;reviews&nbsp;and&nbsp;demonstrate&nbsp;consistent customer impact.&nbsp;&nbsp;
This&nbsp;year&rsquo;s&nbsp;methodology&nbsp;placed even greater weight on authenticity, trust, and user outcomes,&nbsp;making recognition especially meaningful. It reflects what matters most: the confidence customers place in LastPass to deliver&nbsp;secure, seamless access&nbsp;for their teams.&nbsp;
<h2 class="p3" style="color: #191919; margin: 0px 0px 19.9px;">Why customers continue to choose LastPass for secure access&nbsp;</h2>
Across thousands of reviews, several themes consistently rise to the top:&nbsp;
<ul class="ul1" style="color: #000000;">
 <li class="li4" style="color: #191919; margin: 0px;">Secure&nbsp;access&nbsp;across&nbsp;every&nbsp;device:&nbsp;Whether employees are logging in from a laptop, mobile device, or browser extension, LastPass ensures&nbsp;secure access follows them everywhere.&nbsp;Credentials stay encrypted, synced, and ready&nbsp;without compromising convenience.&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li4" style="color: #191919; margin: 0px;">Stronger&nbsp;passwords,&nbsp;safer&nbsp;logins:&nbsp;Our&nbsp;<a href="https://www.lastpass.com/features/password-generator">password generator</a>&nbsp;and autofill capabilities help teams create and use strong, unique passwords automatically. By reducing manual entry, LastPass not only saves time but also helps prevent phishing and credential‑based attacks.&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li4" style="color: #191919; margin: 0px;">Ease of&nbsp;use&nbsp;that&nbsp;drives&nbsp;adoption:&nbsp;Secure access only works when people actually use it.&nbsp;Reviewers consistently highlight how intuitive LastPass is for every employee:&nbsp;from tech‑savvy power users to those who just want a simple, secure way to log in.&nbsp;</li>
</ul>
These strengths&nbsp;remain&nbsp;foundational. But as SaaS sprawl and&nbsp;shadow IT&nbsp;(unapproved tech)&nbsp;accelerate,&nbsp;organizations&nbsp;need visibility, governance, and control across every&nbsp;app&nbsp;employees&nbsp;touch.&nbsp;&nbsp;
<h2 class="p5" style="color: #191919; margin: 0px 0px 16px;">Business Max: The future of unified secure access&nbsp;</h2>
To help organizations stay ahead of evolving risks, we introduced&nbsp;<a href="https://www.lastpass.com/products/business-max">Business Max</a>,&nbsp;a comprehensive solution designed to unify secure access, SaaS visibility, and policy enforcement in one streamlined platform.&nbsp;Business Max brings together four essential capabilities:&nbsp;
<ul class="ul1" style="color: #000000;">
 <li class="li4" style="color: #191919; margin: 0px;">Credential&nbsp;management:&nbsp;Centralize how employees create, store, and share credentials with zero‑knowledge encryption. Every login starts with secure access by default.&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li4" style="color: #191919; margin: 0px;">SaaS Monitoring:&nbsp;Automatically&nbsp;<a href="https://blog.lastpass.com/posts/clarity-not-chaos-take-back-control-with-lastpass-saas-monitoring">discover&nbsp;every&nbsp;SaaS and AI tool</a>&nbsp;employees use,&nbsp;approved or not. With full visibility, IT teams can finally understand where access risks originate.&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li4" style="color: #191919; margin: 0px;">SaaS Protect:&nbsp;Turn insights into action.&nbsp;<a href="https://blog.lastpass.com/posts/lastpass-launches-new-saas-protect-features">Block or restrict risky apps</a>, guide employees toward approved tools, and enforce access policies in real time. Admins can even preview the exact message employees will see before rolling out new rules.&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li4" style="color: #191919; margin: 0px;">Advanced SSO &amp; MFA:&nbsp;Extend secure access beyond passwords with integrated SSO and MFA. Employees get a frictionless login experience, while IT gains centralized control.&nbsp;</li>
</ul>
Together, these capabilities give organizations a single, unified way to secure every login, every app, and every user&nbsp;&ndash;&nbsp;without&nbsp;deploying multiple tools or adding unnecessary complexity.&nbsp;
<h2 class="p3" style="color: #191919; margin: 0px 0px 19.9px;">Recognition rooted in customer trust&nbsp;</h2>
Being named a top product in the 2026 G2 Best Software Awards is more than an accolade &ndash;&nbsp;it&rsquo;s&nbsp;a reflection of the businesses who rely on LastPass to protect their people, data, and workflows every day. And as SaaS and AI continue to reshape how work gets done,&nbsp;we&rsquo;ll&nbsp;keep building solutions that make secure access effortless, scalable, and ready for whatever comes next.&nbsp;
<div class="button-container"><a rel="noopener noreferrer" href="https://www.lastpass.com/trial/business?max=true" target="_blank"><button class="lp-button lp-button--primary">Try Business</button></a><a rel="noopener noreferrer" href="https://www.lastpass.com/resources/demo/password-and-identity-management" target="_blank"><button class="class lp-button--red-outline">Request a Demo</button></a></div>

LastPass Recognized as a Top Software Product in the 2026 G2 Best Software Awards

This recognition reflects what matters most: the confidence customers place in LastPass to deliver secure, seamless access for their teams. 

what is adaptive authentication

<ul class="ul1" style="color: #000000;">
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Adaptive authentication adjusts access based on contextual factors, like location, device type, and login patterns.&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Modern Phishing-as-a-Service (PaaS) kits can intercept traditional 2FA&nbsp;codes,&nbsp;but FIDO2&rsquo;s cryptographic challenge blocks access.&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Pairing adaptive authentication with FIDO2 creates a layered security system that protects your team while reducing login friction.&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">LastPass federates with adaptive MFA providers like Duo, Entra ID, and Okta so your employees can access their LastPass vaults with your&nbsp;existing&nbsp;MFA policies. This adds credential security without creating another authentication silo.&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Businesses of all sizes can&nbsp;enjoy&nbsp;enterprise-grade security via LastPass Business Max&nbsp;-&nbsp;as&nbsp;demonstrated&nbsp;by&nbsp;Axxor, the global manufacturer&nbsp;that&nbsp;achieved digital transformation with LastPass.&nbsp;&nbsp;</li>
</ul>

Key takeaways: Adaptive authentication

FAQs: Adaptive authentication

Adaptive authentication adjusts access based on contextual factors, like location, device type, and login patterns. LastPass federates with adaptive MFA providers like Duo, Entra ID, and Okta.

32% of Small Businesses Would Close from a $10,000 Loss – Here's How Adaptive Authentication Prevents It 

At LastPass,&nbsp;we&nbsp;welcome the opportunity to&nbsp;engage with&nbsp;security&nbsp;researchers&nbsp;who&nbsp;review our architecture,&nbsp;validate&nbsp;assumptions, and&nbsp;help&nbsp;strengthen our defenses.&nbsp;Recently, an academic&nbsp;research team&nbsp;from ETH Zurich&nbsp;evaluated several cloud-based&nbsp;password managers&nbsp;and&nbsp;reported&nbsp;a&nbsp;set of&nbsp;findings&nbsp;relevant to LastPass. These&nbsp;issues&nbsp;touch areas such as account recovery, sharing,&nbsp;and&nbsp;vault integrity.&nbsp;

 
We very much appreciate the work&nbsp;of the&nbsp;security researchers to&nbsp;identify&nbsp;and responsibly&nbsp;disclose&nbsp;potential vulnerabilities as it&nbsp;ultimately plays&nbsp;an important role&nbsp;in helping to keep our customers safe.&nbsp;This post explains, in plain English, what was reported, what it means for customers, and how we are hardening LastPass in response. 
&nbsp;
Industry context: The issues discussed reflect security challenges common to&nbsp;cloud-based&nbsp;password managers, particularly&nbsp;with regards&nbsp;to&nbsp;field-level&nbsp;encryption&nbsp;and the identity challenge of public keys.&nbsp;As outlined in the research,&nbsp;&ldquo;Introducing proper&nbsp;authentication&nbsp;of public keys&nbsp;is&nbsp;non-trivial.&rdquo;&nbsp;Our focus here is on the concrete steps we are taking within LastPass.&nbsp;
&nbsp;
<h2 class="p2" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">What was reported:</h2>
The&nbsp;ETH Zurich&nbsp;research describes several&nbsp;theoretical&nbsp;ways a&nbsp;highly privileged attacker,&nbsp;one with control over infrastructure or the ability to tamper with server responses,&nbsp;could&nbsp;attempt&nbsp;to interfere with how password managers handle encrypted data.&nbsp;Specifically with regards to&nbsp;LastPass, the reported issues fall into five broad areas:&nbsp;
<ul>
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Account recovery (admin resets):In some business environments,&nbsp;a&nbsp;user with&nbsp;administrative privileges&nbsp;can help&nbsp;another&nbsp;user reset their account. This process relies on&nbsp;the validation of&nbsp;cryptographic&nbsp;public&nbsp;keys, and making sure those keys truly belong to the right person is a&nbsp;persistent&nbsp;challenge&nbsp;for&nbsp;many password managers.&nbsp;&nbsp;</li>
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Sharing passwords or items:When you share something with another person, LastPass encrypts it using that person&rsquo;s&nbsp;public&nbsp;key&nbsp;so that only they can decrypt it.&nbsp;Similar to&nbsp;the challenges&nbsp;with account recovery, confirming that a key&nbsp;actually belongs&nbsp;to the intended recipient&nbsp;is a&nbsp;difficult&nbsp;problem for many password managers.&nbsp;In theory, a malicious server could try to swap that key and access the shared item.&nbsp;</li>
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">How vault items are built:Each vault entry, like a&nbsp;credentialor&nbsp;a&nbsp;secure note, is made up of several separate encrypted pieces. Without&nbsp;validation of the items&nbsp;that&nbsp;are bound&nbsp;together,&nbsp;an&nbsp;adversarywith the ability to tamper with data&nbsp;on the server side&nbsp;could try to move encrypted parts around between fields or items.&nbsp;</li>
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Website icons and URLs:LastPass sometimes fetches website icons to help customers&nbsp;organize their vaults and quickly&nbsp;identify&nbsp;entries.&nbsp;If a vault item&nbsp;was&nbsp;swapped using the above method, that swapped item or field would be displayed.&nbsp;</li>
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">KDF&nbsp;brute-force&nbsp;attacks:LastPass&nbsp;allows&nbsp;users to change their derivation number. If an adversary was able to intercept the connection, then there would be a possibility to reduce the count to enable quicker offline&nbsp;guessing of&nbsp;weak passwords.&nbsp;</li>
</ul>
It is important to note that each of&nbsp;these&nbsp;scenarios&nbsp;assumes&nbsp;an advanced attacker&nbsp;with persistent access&nbsp;to&nbsp;our&nbsp;production&nbsp;infrastructure.&nbsp;They&nbsp;do not reflect normal LastPass operation or expected user behavior.&nbsp;&nbsp;
&nbsp;
<h2 class="p2" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">&nbsp;What this means for customers today</h2>
<ul>
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">No evidence of exploitation: To be clear,&nbsp;we&nbsp;have found no&nbsp;indication that these techniques have been used&nbsp;to compromise&nbsp;LastPass&nbsp;or&nbsp;our&nbsp;customers.&nbsp;</li>
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">No immediate action&nbsp;required: Customers should continue using LastPass as normal.&nbsp;To continue to receive the best possible secure access experience, we always recommend that&nbsp;users check to&nbsp;ensure they are&nbsp;up-to-date and&nbsp;using&nbsp;the latest version of our browser extensions and apps.&nbsp;</li>
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">We are&nbsp;on&nbsp;it!:&nbsp;Our Security team is grateful for the opportunity to&nbsp;engage&nbsp;with ETH Zurich and benefit from their research.&nbsp;&nbsp;As a result, we have already implemented multiple near-term hardening measures,&nbsp;while also&nbsp;commencing&nbsp;work on&nbsp;additional&nbsp;longer-term improvements designed to address their findings&nbsp;(see below).</li>
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Admins&nbsp;can expect future updates: Some&nbsp;upcoming&nbsp;improvements,&nbsp;particularly those related to cryptographic settings,&nbsp;will require coordinated updates&nbsp;for our&nbsp;Business&nbsp;users.&nbsp;&nbsp;</li>
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Zero Knowledge:&nbsp;As mentioned by ETH Zurich in their research paper, &lsquo;Zero-Knowledge Encryption&rsquo;&nbsp;is a term widely used by vendors of cloud-based password managers."&nbsp; Much like many of our peers, LastPass operates with a zero-knowledge approach; this means that sensitive vault data is only transferred to LastPass once it has been encrypted, as described more fully in&nbsp;our&nbsp;<a href="https://support.lastpass.com/s/document-item?language=en_US&amp;sfdcIFrameOrigin=null&amp;bundleId=lastpass&amp;topicId=LastPass/lastpass_technical_whitepaper.html&amp;_LANG=enus">Technical Whitepaper</a>.&nbsp;</li>
</ul>
<h2 class="p2" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">&nbsp;What&nbsp;we&rsquo;ve&nbsp;already addressed</h2>
<ul class="ul1" style="color: #000000;">
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Icon and URL handling: We have already completed mitigations related to how icon URLs are processed, addressing the scenario described by researchers.&nbsp;</li>
</ul>
<h2 class="p2" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">What is imminent</h2>
Password&nbsp;strength settings&nbsp;
Our teams are actively working on&nbsp;enhancements that include:
<ul>
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Improving how cryptographic parameters are&nbsp;validated&nbsp;and authenticated.&nbsp;</li>
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Enforcing safe configurations and preventing unauthorized downgrades.&nbsp;</li>
</ul>
This work&nbsp;will&nbsp;require a coordinated migration, which&nbsp;is&nbsp;currently&nbsp;planned&nbsp;for March&nbsp;2026. We will provide&nbsp;fixes, documentation, and advance notice to&nbsp;users&nbsp;help&nbsp;ensure a smooth transition. 

<h2 class="p2" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">What&nbsp;we&rsquo;re&nbsp;improving next&nbsp;</h2>
The remaining items are being addressed as part of our&nbsp;efforts to&nbsp;strengthen protections across both clients and services.&nbsp;
Account recovery and sharing&nbsp;
<ul>
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Hardening admin password&nbsp;resetflows to ensure all public keys involved are&nbsp;securely&nbsp;authenticated.&nbsp;</li>
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Strengthening sharing workflows so recipient keys cannot be substituted or overwritten by a&nbsp;malicious intermediary.&nbsp;</li>
</ul>
Enhanced&nbsp;vault&nbsp;integrity and metadata protection&nbsp;
<ul class="ul1" style="color: #000000;">
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Our product teams are actively working to&nbsp;add&nbsp;stronger integrity&nbsp;guarantees to&nbsp;better&nbsp;cryptographically bind items, fields, and metadata,&nbsp;thereby helping to&nbsp;maintain&nbsp;integrity assurance.&nbsp;</li>
</ul>
<h2 class="p2" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Best&nbsp;practices&nbsp;for&nbsp;Business&nbsp;Administrators</h2>
At LastPass,&nbsp;we are committed&nbsp;to&nbsp;strengthen&nbsp;the security of our infrastructure&nbsp;and&nbsp;assuring our customers that their data is private, protected, and secure.&nbsp;We do, however,&nbsp;recommend that&nbsp;LastPass&nbsp;users&nbsp;continue&nbsp;to&nbsp;follow these best&nbsp;practices&nbsp;designed&nbsp;to&nbsp;help&nbsp;ensure their sensitive&nbsp;vault&nbsp;data&nbsp;remains&nbsp;well-secured:&nbsp;&nbsp;
<ul>
 <li class="li8" style="color: #386573; margin: 0px;"><a href="https://support.lastpass.com/s/document-item?language=en_US&amp;_LANG=enus&amp;bundleId=lastpass&amp;topicId=LastPass%2FEnable_Multifactor_Authentication_Admins.html">Require MFA and/or SSO for all administrative accounts.</a></li>
 <li class="li8" style="color: #386573; margin: 0px;"><a href="https://support.lastpass.com/s/document-item?language=en_US&amp;bundleId=lastpass&amp;topicId=LastPass/uac_admin_roles.html&amp;_LANG=enus">Limit the number of super admins and regularly review admin roles</a>.&nbsp;</li>
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Confirm that&nbsp;all users&nbsp;are&nbsp;on the latest&nbsp;version of&nbsp;LastPass&nbsp;<a href="https://support.lastpass.com/s/document-item?language=en_US&amp;bundleId=lastpass&amp;topicId=LastPass/use-browser-extension.html&amp;_LANG=enus">extensions</a>&nbsp;and&nbsp;<a href="https://support.lastpass.com/s/document-item?language=en_US&amp;bundleId=lastpass&amp;topicId=LastPass/FAQ_Manage_Automatic_Updates.html&amp;_LANG=enus">apps</a>.&nbsp;</li>
 <li class="li8" style="color: #386573; margin: 0px;"><a href="https://support.lastpass.com/s/document-item?language=en_US&amp;sfdcIFrameOrigin=null&amp;bundleId=lastpass&amp;topicId=LastPass/c_about_shared_folders.html&amp;_LANG=enus">Apply&nbsp;the principle of&nbsp;least&nbsp;privilege&nbsp;to sharing and shared folders</a>.&nbsp;</li>
</ul>
<h2 class="p2" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Our ongoing commitment</h2>
Over the last several years, we have&nbsp;made multi-million-dollar investments&nbsp;to harden our security.&nbsp;To learn more about this ongoing commitment,&nbsp;visit&nbsp;<a href="https://www.lastpass.com/security/is-lastpass-secure">Is LastPass Secure</a>&nbsp;and read&nbsp;<a href="https://support.lastpass.com/s/document-item?language=en_US&amp;bundleId=lastpass&amp;topicId=LastPass/incident-work-completed-roadmap.html&amp;_LANG=enus">What We Have Done to Secure LastPass.</a>
&nbsp;&nbsp;
Today, our&nbsp;commitments&nbsp;remain&nbsp;clear:&nbsp;
<ul>
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Defense in depth through stronger cryptographic integrity&nbsp;</li>
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Transparent communication with customers and admins&nbsp;</li>
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Thoughtful migrations that prioritize data safety and usability&nbsp;</li>
</ul>

Details on hardening in response to ETH Zurich-reported security issues

Learn how LastPass is strengthening security following ETH Zurich research findings, with new hardening measures, upcoming improvements, and guidance for admins.

Protecting Customers: Details on Hardening in Response to ETH Zurich-Reported Security Issues

What Are the 9 Essential Elements of a Cyber Resilience Strategy in 2026?

FAQs: The Cyber Resilience Playbook

You don’t need a sprawling tech stack to defend your business – you just need to follow these nine steps.

What the 2026–2028 NSW Government Cyber Security Strategy Reveals About Identity Resilience

The 2026&ndash;2028 NSW Government Cyber Security Strategy reveals what modern organizations must secure:&nbsp;
<ul class="ul1" style="color: #000000;">
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">24-hour breach reporting + continuous compliance&nbsp;are&nbsp;now mandatory,&nbsp;requiring real-time visibility into credentials, SaaS apps, and access behaviour&nbsp;</li>
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Zero-trust architecture starts with identity,&nbsp;but passwords alone&nbsp;aren't&nbsp;enough when 98% of employees use unsanctioned SaaS and AI tools (Varonis, 2025)</li>
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Identity resilience = credential management + SaaS discovery + access control.&nbsp;LastPass Business Max delivers all three without agents or APIs&nbsp;</li>
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Shadow IT costs $5.3M per&nbsp;breach (IBM, 2024).&nbsp;Securing&nbsp;access means knowing where employees log in, not just how&nbsp;</li>
</ul>

Key takeaways

LastPass gives you the Secure Access Essentials you need to meet these expectations without the complexity, cost, or deployment time of enterprise platforms. 

The Cyber&nbsp;Resilience&nbsp;Playbook from Dr. Chase Cunningham (&ldquo;Dr. Zero Trust&rdquo;), a&nbsp;new consolidation of 26 breach&nbsp;studies,&nbsp;reveals a stark reality:&nbsp;emerging and mid-sized companies are now squarely in the crosshairs of cybercriminals.&nbsp;
The findings&nbsp;underscore that no business is &ldquo;too small&rdquo; to be targeted. From ransomware to supply chain compromise, the&nbsp;data&nbsp;shows that attackers are scaling their operations with automation and artificial intelligence (AI), while smaller firms&nbsp;lag behind&nbsp;in defenses.&nbsp;
Below are the&nbsp;five&nbsp;most critical threats every growing business must understand in&nbsp;2026.&nbsp;
<div class="button-container"><a rel="noopener noreferrer" href="https://lastpass.com/enterprise_trial.php" target="_blank"><button class="lp-button lp-button--primary">Try Business</button></a><a rel="noopener noreferrer" href="https://www.lastpass.com/resources/demo/password-and-identity-management" target="_blank"><button class="class lp-button--red-outline">Request a Demo</button></a></div>
<h2 class="p3" style="color: rgba(0, 0, 0, 0.85); margin: 0px 0px 16px;">5&nbsp;critical&nbsp;cyber&nbsp;threats for&nbsp;emerging&nbsp;and&nbsp;mid-sized&nbsp;companies in 2026&nbsp;</h2>
<h3 class="p4" style="color: rgba(0, 0, 0, 0.85); margin: 0px 0px 16.4px;">1) Ransomware&nbsp;is&nbsp;rampant&nbsp;</h3>
What&rsquo;s&nbsp;happening:&nbsp;<a href="https://blog.lastpass.com/posts/ransomware">Ransomware</a>&nbsp;remains&nbsp;the defining threat for&nbsp;emerging and mid-sized&nbsp;companies.&nbsp;In the 2025 DBIR, ransomware was present in&nbsp;88%&nbsp;of breaches affecting emerging&nbsp;and mid‑sized companies&nbsp;(versus&nbsp;39%&nbsp;for large enterprises),&nbsp;underscoring disproportionate downtime risk for lean teams. Attackers calibrate ransom demands to victim size and often target backups first to maximize pressure.&nbsp;&nbsp;
Why it matters:&nbsp;Growing businesses&nbsp;typically lack redundant infrastructure or mature disaster recovery, so encryption events halt operations entirely. However, resilience is improving: more victims are refusing to pay as backup strategies&nbsp;strengthen,&nbsp;and&nbsp;incident response&nbsp;plans are rehearsed. The Playbook documents how reliable, accessible, and&nbsp;immutable/offline&nbsp;backups transform ransomware from existential to manageable.&nbsp;
Action to take:&nbsp;&nbsp;
<ul>
 <li class="li6" style="color: #0a0a0a; margin: 0px;">Enforce the 3‑2‑1 rule&nbsp;(3 copies of data, on 2 different media, with 1 offsite).&nbsp;</li>
 <li class="li7" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Add immutable cloud copies.&nbsp;</li>
 <li class="li7" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Protect backup credentials in a vault.&nbsp;</li>
 <li class="li7" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Test&nbsp;restores quarterly to&nbsp;validate&nbsp;Recovery Point Objective (RPO)/Recovery Time Objective (RTO).&nbsp;&nbsp;</li>
 <li class="li7" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Pair backups with a concise ransomware response playbook (triage, restore order, communication templates).&nbsp;</li>
</ul>
<h3 class="p4" style="color: rgba(0, 0, 0, 0.85); margin: 0px 0px 16.4px;">2) Credential&nbsp;theft &amp; &ldquo;malware‑free&rdquo;&nbsp;intrusions&nbsp;</h3>
What&rsquo;s&nbsp;happening:&nbsp;Attackers increasingly bypass&nbsp;traditional&nbsp;<a href="https://blog.lastpass.com/posts/malware-attacks">malware</a>&nbsp;by abusing&nbsp;valid credentials.&nbsp;CrowdStrike observed&nbsp;79%&nbsp;of intrusions in 2024 were &ldquo;malware‑free,&rdquo; relying on living‑off‑the‑land techniques and legitimate admin tools. In web applications,&nbsp;88%&nbsp;of breaches involved stolen credentials&nbsp;(DBIR), and cloud compromises&nbsp;frequently&nbsp;hinge on account abuse rather than exploits.&nbsp;&nbsp;
Why it matters:&nbsp;With valid credentials, adversaries blend into normal traffic, sidestep signature‑based defenses, and move laterally fast. The Playbook frames identity as&nbsp;priority #1&nbsp;&ndash;&nbsp;if&nbsp;authentication and access controls are weak, everything downstream is at risk.&nbsp;
Action to take:&nbsp;
<ul>
 <li class="li7" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Turn on&nbsp;MFA&nbsp;everywhere (email, VPN, admin panels, finance).&nbsp;</li>
 <li class="li7" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Prefer&nbsp;phishing‑resistant MFA&nbsp;(FIDO2/WebAuthn) for high‑risk users.&nbsp;</li>
 <li class="li7" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Mandate an&nbsp;enterprise-grade&nbsp;password manager&nbsp;to&nbsp;eliminate&nbsp;reuse, centralize vaulting, and&nbsp;monitor for&nbsp;exposed credentials.&nbsp;</li>
 <li class="li7" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Enforce&nbsp;least privilege, remove shared accounts, and run quarterly access reviews&nbsp;</li>
</ul>
<h3 class="p4" style="color: rgba(0, 0, 0, 0.85); margin: 0px 0px 16.4px;">3) Social&nbsp;engineering:&nbsp;phishing,&nbsp;vishing, and&nbsp;pretexting&nbsp;</h3>
What&rsquo;s&nbsp;happening:&nbsp;The&nbsp;<a href="https://blog.lastpass.com/posts/social-engineering">human element</a>&nbsp;remains&nbsp;a favored entry point. The DBIR links social engineering to&nbsp;60%&nbsp;of breaches when errors/misuse are included; vishing (voice phishing) rose&nbsp;442%&nbsp;in late 2024 as adversaries used convincing deepfake voices and phone‑based impersonation to harvest MFA codes or push urgent financial changes&nbsp;(CrowdStrike).&nbsp;
Why it matters:&nbsp;Even well‑configured tech can be undermined if users are rushed or deceived. Smaller firms are especially exposed to&nbsp;Business Email Compromise&nbsp;(BEC), where attackers hijack email threads and swap invoices or bank instructions. Trust makes the&nbsp;scam&nbsp;believable; process makes it stoppable.&nbsp;&nbsp;
Action to take:&nbsp;
<ul>
 <li class="li7" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Run&nbsp;regular training&nbsp;and&nbsp;phishing simulations; normalize reporting suspicious messages.&nbsp;</li>
 <li class="li7" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Require&nbsp;out‑of‑band verification&nbsp;for any payment change or sensitive request (phone a known number; two‑person approval).&nbsp;</li>
 <li class="li7" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Implement&nbsp;email authentication&nbsp;methods (SPF,&nbsp;DKIM,&nbsp;DMARC)&nbsp;to prevent brand spoofing and reduce downstream fraud.&nbsp;</li>
 <li class="li7" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Monitor mailboxes for unusual logins and hidden forwarding rules; mandate&nbsp;MFA&nbsp;on email.&nbsp;</li>
</ul>
<h3 class="p4" style="color: rgba(0, 0, 0, 0.85); margin: 0px 0px 16.4px;">4) Vulnerability&nbsp;exploits &amp;&nbsp;shadow&nbsp;apps&nbsp;</h3>
What&rsquo;s&nbsp;happening:&nbsp;Exploitation of known vulnerabilities rose year‑over‑year, with attackers scanning internet‑facing assets for unpatched flaws&nbsp;&ndash;&nbsp;VPN&nbsp;gateways, edge devices, and web servers&nbsp;&ndash;&nbsp;often&nbsp;within hours of disclosure. The volume of&nbsp;Common Vulnerabilities and Exposures (CVE)&nbsp;is daunting, but adversaries focus on a small, high‑impact subset that is easy to exploit and externally visible.&nbsp;Shadow or abandoned applications&nbsp;with lingering access also expand attack surface.&nbsp;&nbsp;
Why it matters:&nbsp;For&nbsp;growing businesses, patch paralysis is costly. Edge‑device bugs and outdated&nbsp;content management systems&nbsp;(CMS)/plugins are frequent&nbsp;initial&nbsp;footholds. The Playbook emphasizes patch velocity&nbsp;&ndash;&nbsp;how&nbsp;quickly critical/high severity items are fixed&nbsp;over perfect coverage; speed on the perimeter delivers outsized risk reduction.&nbsp;
Action to take:&nbsp;
<ul>
 <li class="li7" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Patch&nbsp;internet‑facing systems first; subscribe to vendor advisories for perimeter devices.&nbsp;</li>
 <li class="li7" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Set&nbsp;service level agreements (SLAs):&nbsp;Critical &le;7 days;&nbsp;High &le;30 days; scan monthly and track remediation.&nbsp;</li>
 <li class="li7" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Use&nbsp;Web Application Firewalls (WAF)/virtual patching&nbsp;when downtime blocks immediate fixes.&nbsp;</li>
 <li class="li7" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Inventory and retire&nbsp;<a href="https://blog.lastpass.com/posts/shadow-it-versus-shadow-ai-definitions-differences-and-implications-for-smbs">shadow apps;</a>&nbsp;remove unused credentials and stale integrations.&nbsp;&nbsp;</li>
</ul>
<h3 class="p4" style="color: rgba(0, 0, 0, 0.85); margin: 0px 0px 16.4px;">5) Third‑party &amp;&nbsp;supply‑chain&nbsp;breaches&nbsp;</h3>
What&rsquo;s&nbsp;happening:&nbsp;One of the most dramatic DBIR trends: breaches involving business partners doubled year‑over‑year, and&nbsp;roughly&nbsp;30%&nbsp;of incidents involved a third party (supplier, MSP, SaaS platform). As&nbsp;smaller businesses&nbsp;extend operations through external providers, their trust boundary expands&nbsp;&ndash;&nbsp;and&nbsp;attackers exploit weaker links to pivot.&nbsp;
Why it matters:&nbsp;Even if your internal controls are strong, a&nbsp;partner&rsquo;s&nbsp;lapse can expose your data or disrupt your operations. Conversely, an incident in your environment can&nbsp;cascade to&nbsp;a larger customer. Vendor diligence and contractual rigor are not &ldquo;enterprise‑only&rdquo;&nbsp;&ndash;&nbsp;they&rsquo;re&nbsp;essential for smaller teams navigating outsourced IT.&nbsp;
Action to take:&nbsp;
<ul>
 <li class="li7" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Perform&nbsp;vendor risk reviews&nbsp;(security questionnaires, certifications like SOC 2/ISO 27001).&nbsp;</li>
 <li class="li7" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Insert&nbsp;breach&nbsp;notification&nbsp;and&nbsp;security/control requirements&nbsp;into contracts; require cyber insurance and&nbsp;minimum&nbsp;MFA standards for privileged access.&nbsp;</li>
 <li class="li7" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Limit and&nbsp;monitor&nbsp;third‑party access; promptly disable ex‑vendor accounts.&nbsp;</li>
</ul>
<div class="button-container"><a rel="noopener noreferrer" href="https://lastpass.com/enterprise_trial.php" target="_blank"><button class="lp-button lp-button--primary">Try Business</button></a><a rel="noopener noreferrer" href="https://www.lastpass.com/resources/demo/password-and-identity-management" target="_blank"><button class="class lp-button--red-outline">Request a Demo</button></a></div>
<h2 class="p9" style="color: rgba(0, 0, 0, 0.85); margin: 0px 0px 17.4px;">Why resilience (not perfection) is the 2026 mandate&nbsp;</h2>
No organization is breach‑proof, but resilient organizations recover quickly, minimize downtime, and avoid ransom payments because backups are robust, incident playbooks are practiced, and identity is locked down. The Playbook&rsquo;s dual emphasis&nbsp;&ndash;&nbsp;prevention +&nbsp;recover &ndash;&nbsp;maps&nbsp;to what the data shows&nbsp;actually changes&nbsp;outcomes for smaller teams.&nbsp;&nbsp;
Here are five immediate steps every growing business should take:&nbsp;
<ol>
 <li class="li11" style="color: #191919; margin: 0px;">Implement&nbsp;<a href="https://www.lastpass.com/products/multifactor-authentication">phishing-resistant MFA</a>&nbsp;across all critical systems.&nbsp;</li>
 <li class="li11" style="color: #191919; margin: 0px;">Establish structured patch management&nbsp;for internet-facing assets.&nbsp;</li>
 <li class="li11" style="color: #191919; margin: 0px;">Invest in backups and disaster recovery&nbsp;to reduce ransom leverage.&nbsp;</li>
 <li class="li11" style="color: #191919; margin: 0px;">Conduct regular security awareness training&nbsp;to counter AI-driven social engineering.&nbsp;</li>
 <li class="li11" style="color: #191919; margin: 0px;">Assess vendor risk rigorously&nbsp;with security questionnaires and contractual requirements.&nbsp;</li>
</ol>
The&nbsp;breach&nbsp;trends make one thing clear:&nbsp;&ldquo;business as usual&rdquo; is not sustainable.&nbsp;Emerging and mid-sized companies must shed the illusion of &ldquo;security by obscurity.&rdquo; Attackers are not overlooking smaller firms; they are targeting them precisely because defenses are weaker.&nbsp;
The good news: resilience is within reach. By adopting Zero Trust principles&nbsp;and&nbsp;strengthening cyber hygiene, growing businesses can move from survival mode to&nbsp;a sustainable&nbsp;security posture.&nbsp;
Trust nothing. Validate everything.&nbsp;Build strategies that actually work.&nbsp;
<h3 class="p12" style="color: #386573; margin: 0px 0px 16px;"><a rel="noopener noreferrer" href="https://info.lastpass.com/CNT25-10-16-cyber-resilience-playbook" target="_blank">Download the Playbook here.</a></h3>
&nbsp;

26 major breach studies expose critical gaps: Your cyber resilience strategy for 2026

FAQs: Cyber threats every growing business should know about

Learn about the five most critical threats every growing business must understand in 2026. 

26 Major Breach Studies Expose Critical Gaps: Your Cyber Resilience Strategy for 2026 

Your Small Business Guide to Agentic AI Identity & Access Management (2026)

<ul class="ul1" style="color: #000000;">
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Agentic AI identity &amp; access management (agentic AI IAM) is about giving you control.&nbsp;It&rsquo;s&nbsp;about knowing what AI agents you have, what they can access, and what actions they can take on your behalf.&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Because of their non-deterministic behavior (read &ldquo;unpredictability&rdquo;), AI agents&nbsp;can&rsquo;t&nbsp;just be classified as bot or machine identities.&nbsp;&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Traditional IAM falls short because its identity governance controls are too broad for autonomous agents, whose behavior can be manipulated in real-time.&nbsp; &nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">The Cloud Security Alliance&rsquo;s agentic AI IAM framework rests on 4 pillars, and&nbsp;they&rsquo;re&nbsp;critical whether you have 50 or 3,000 employees.&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Are your employees connecting risky AI agents&nbsp;like&nbsp;Moltbot&nbsp;to Salesforce, QuickBooks, or Stripe? LastPass SaaS Monitoring shows you who has access to those&nbsp;business-critical&nbsp;apps, while tools like Permit.io&nbsp;let you&nbsp;enforce policies&nbsp;that prevent&nbsp;agents&nbsp;from executing unauthorized transactions.&nbsp;</li>
</ul>

Key takeaways: Agentic AI Identity & Access Management

FAQs: AI agent identity management

Agentic AI Identity & Access Management (Agentic AI IAM) involves tracking every AI tool - who approved it and what data it touches. 

Your Small Business Guide to Agentic AI Identity & Access Management (2026) 

It&rsquo;s the start of a new year, which means its time for two things: 1) People are (hopefully) sticking to their New Year&rsquo;s resolutions; and 2) We&rsquo;re heading into Data Privacy Week, an international effort led by the National Cybersecurity Alliance to help individuals and businesses take control of their data. In 2026, controlling your data increasingly comes down to controlling identity. Stolen credentials, password reuse, MFA fatigue, and social engineering are now the primary ways attackers get in&mdash;not by breaking systems, but by persuading people. That shift is also changing how cybercriminal groups operate. One of the clearest examples is a loose ecosystem known as Scattered Lapsus$ Hunters. This group targets a wide range of organizations and relies on compromised identities, help desk manipulation, and speed.
In the latest episode of The Phish Bowl moderated by Jordan Sher, cyber threat intelligence experts Mike Kosak and Stephanie Schneider connect these dots. We&rsquo;ll talk about data privacy and why identity sits at the center of it and what groups like Scattered Lapsus$ Hunters tell us about the evolution of social engineering. And with special guest Nate Howard from Flashpoint, we&rsquo;ll look at how threat intelligence, including visibility into the deep and dark web, helps defenders spot attacks before they land.
Whether your New Year&rsquo;s resolution was to get smarter on cybersecurity, or you&rsquo;re responsible for protecting users, systems, and data without a massive security team, we&rsquo;re glad you&rsquo;re starting off 2026 on the right foot with us. Let&rsquo;s get into it.
<h2>Trinity of Chaos: Scattered Lapsus$ Hunters</h2>
<a href="https://blog.lastpass.com/posts/social-engineering">Social engineering</a> is about manipulating the human element of security. It essentially preys on basic human behavior which makes it so effective. It&rsquo;s easier to hack people than it is to hack machines. Common tactics using this technique include phishing/vishing/smishing, baiting and tailgating, and pretexting. Social engineering will almost certainly continue to be prevalent to all organizations, big and small, in 2026. 
Scattered Lapsus$ Hunters is one of the most effective cybercriminal groups excelling at social engineering to get access to accounts or networks. They were behind several recent attacks last year, including Jaguar Land Rover that disrupted the larger automotive supply chain for months with a reported loss of &pound;485 million to &pound;559 million ($637M - $736M) for Q3 2025. The attack was estimated to have a broader impact on the UK economy, potentially reaching over $2 billion.&nbsp; 
It&rsquo;s an amalgamation of three different groups that have been kicking around (<a href="https://blog.lastpass.com/posts/blocking-unauthorized-access-webinar">Scattered Spider</a>, Lapsus$, and ShinyHunters) and are part of a community called The Com where they share social engineering techniques. We can follow some of these conversations they&rsquo;re having on DDW to monitor the group&rsquo;s interests, capabilities, and infer where (which organizations or sectors) and how (with what tactics) they might strike next. 
<h2>Interview with Nate from Flashpoint</h2>
Our special guest is Nate Howard, Flashpoint&rsquo;s Senior Manager on Customer Success Team, joining us to talk about his perspectives on the deep dark web (DDW), <a href="https://blog.lastpass.com/posts/ai-supercharges-credential-harvesting">how artificial intelligence (AI) will shape cyber threats</a>, and real-world examples of how having access to intelligence can allow organizations to take proactive measures against threats. 
With roots in network engineering and a career that grew into security intelligence and digital offensive security, Nate has spent years countering threats from both sides of the wire. His deep experience across the deep and dark web provides a firsthand understanding of adversary ecosystems, emerging attack techniques, and how defenders can stay ahead. At Flashpoint, he helps support efforts that can be broken down into three pillars: 1) collecting data from across the DDW, 2) creating quality, finished intelligence products, 3) and providing services that play directly into making intelligence actionable for customers to be proactive and drive success in their own organizations. 
People see the DDW as a mysterious place, but Nate explains that it&rsquo;s actually closer to where we&rsquo;re normally operating than you might think. It&rsquo;s essentially made up of forums, blogs, and chat services that are relatively easy to find and access on a different internet via Tor. Threat actors like Scattered Lapsus$ Hunters are operating somewhat out in the open on the DDW, which gives us an advantage to monitor them (i.e., their personalities, TTPs, etc.), understand context and analysis around data, and respond proactively. 
Talking about the types of threats organizations should be most concerned with, Nate explained why agentic AI threats will continue to pose a significant threat. They allow threat actors who were not capable of certain attacks to now be able to do so and commodify those threats. AI will impact various attack types, particularly phishing and other social engineering tactics. AI will allow attackers to broaden the scale and scope of their attacks. <a href="https://blog.lastpass.com/posts/joint-report-lastpass-guidepoint-security-infostealers">Infostealers</a> and CVE volatility are other threats organizations should pay attention to, according to Nate. 
<h2>Actioning intelligence in real life: mitigating exposed employee credentials</h2>
To really drive home the point about how valuable technical data and real time access to the human side of security can be, and what you can do when you have access to it, Nate talked about a real-world example he says Flashpoint frequently delivers: mitigating exposed credentials. Due to Flashpoint&rsquo;s broad access to stealer logs, forums, and chat services, they&rsquo;re able to find employee credentials that are out there and have ability to monitor and alert an affected organization if employee credentials are compromised. This rapid alerting enables companies to act quickly to prevent data loss. 
Infostealers are frequently behind breaches, silently grabbing credentials and other sensitive information and selling or posting them online to be used in other attacks. For instance, an infostealer was behind the <a href="https://blog.lastpass.com/posts/snowflake-recap">Snowflake breach</a> in 2024, allowing attackers to take leaked credentials and login to accounts not protected with multi-factor authentication (MFA). 
<h2>Listen to the full episode&nbsp;&nbsp;</h2>
Catch the full episode and additional resources for more cyber threat insights from the LastPass Threat Intelligence, Mitigations, and Escalations (TIME) Team. 
<ul>
 <li>Listen to the full episode of The Phish Bowl wherever you get your podcasts:&nbsp;&nbsp;
 <ul>
 <li><a rel="noopener noreferrer" href="https://www.youtube.com/@LastPass/podcasts" target="_blank">YouTube</a></li>
 <li><a rel="noopener noreferrer" href="https://open.spotify.com/show/1TQiFDk9acmkfp1sTFN1yX" target="_blank">Spotify</a></li>
 <li><a rel="noopener noreferrer" href="https://podcasts.apple.com/podcast/id1828511920" target="_blank">Apple</a></li>
 </ul>
 </li>
 <li>Subscribe for monthly threat intel deep dives. </li>
 <li>Access LastPass's <a href="https://info.lastpass.com/threat-reports">Regional Report</a> for detailed analysis of recent APAC trends and activity. </li>
 <li>Check out the <a rel="noopener noreferrer" href="https://blog.lastpass.com/categories/threat-intel" target="_blank">LastPass Labs blog</a> for more insights.&nbsp;</li>
</ul>
See you back in February to talk about Europe cyber threats! 
&nbsp;

The Phish Bowl Explores How Identity is Under Attack, Scattered LAPSUS$ Hunters, and Cybercrime Trends

This article recaps the January 2026 episode of The Phish Bowl, a podcast featuring cyber threat intelligence experts diving deep into relevant cybersecurity topics. This episode covers protecting identity as a security fundamental, Scattered Lapsus$ Hunters and their social engineering tactics, and cybercrime trends. 

What is AI agent authentication, and why does your small business need it in 2026? 

<ul class="ul1" style="color: #000000;">
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">AI agents are already in your&nbsp;business, and they need their own authentication solution.&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">FIDO2 MFA&nbsp;creates an extra barrier&nbsp;unauthorized&nbsp;AI agents&nbsp;can&rsquo;t&nbsp;bypass.&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">The biggest threats&nbsp;aren&rsquo;t&nbsp;external attackers;&nbsp;they&rsquo;re&nbsp;overprivileged agents and Shadow AI.&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Attackers are targeting AI agents through prompt injection, AI model poisoning, credential theft, and hijacked agent-to-agent communications.&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li1" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">With LastPass SaaS Monitoring, your business can rein in Shadow AI without a massive IT budget.&nbsp;</li>
</ul>

Key takeaways: Agent authentication

FAQs: Agent authentication

With LastPass SaaS Monitoring, your business can rein in Shadow AI without a massive IT budget. 

What Is AI Agent Authentication, and Why Does Your Small Business Need It in 2026? 

22 January 2026 UPDATE:&nbsp;
The&nbsp;suspected threat&nbsp;actors behind this campaign have&nbsp;sent another wave of phishing emails using similar tactics. The body of the email&nbsp;remains&nbsp;the same, but the&nbsp;links have been changed following&nbsp;LastPass&rsquo;&nbsp;disruption of their&nbsp;initial&nbsp;infrastructure&nbsp;in conjunction with&nbsp;our partners.&nbsp;We&nbsp;also found other domains registered,&nbsp;likely by&nbsp;this&nbsp;threat&nbsp;actor&nbsp;given&nbsp;the use of&nbsp;similar procedures, that&nbsp;indicate&nbsp;a broader infrastructure that may be used&nbsp;or have been used&nbsp;in&nbsp;this and/or&nbsp;other&nbsp;phishing campaigns. We recommend blocking these domains/URLs now.&nbsp;&nbsp;
Below please find the updated&nbsp;IOCs:&nbsp;
Sender&nbsp;Emails:&nbsp;
<ul class="ul1" style="color: #000000;">
 <li class="li3" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">All emails are formatted as&nbsp;support@lastpass.[SERIES OF TWO TO FIVE RANDOM CHARACTERS]&nbsp;</li>
</ul>
URLs:&nbsp;
<ol>
 <li class="li3" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">systems-resources.s3.eu-west-3.amazonaws[.]com/sSvLaIvIEm5iMal&nbsp;</li>
 <li class="li3" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">security-lastpass.com&nbsp;</li>
</ol>
Associated IPs:&nbsp;&nbsp;
<ul class="ul3" style="color: #000000; list-style-type: square;">
 <li class="li3" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">172.67.157[.]54&nbsp;</li>
</ul>
<ul class="ul3" style="color: #000000; list-style-type: square;">
 <li class="li3" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">104.21.73[.]30&nbsp;</li>
</ul>
<ul class="ul3" style="color: #000000; list-style-type: square;">
 <li class="li3" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">109.205.213[.]50&nbsp;</li>
</ul>
Note: This IP is also associated with the following&nbsp;brand impersonation sites that may be used for illicit purposes:&nbsp;&nbsp;
<ul class="ul2" style="color: #000000; list-style-type: circle;">
 <li class="li3" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Emergency-access-lastpass[.]com&nbsp;</li>
</ul>
<ul class="ul2" style="color: #000000; list-style-type: circle;">
 <li class="li3" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Settings-lastpass[.]com&nbsp;</li>
</ul>
<ul class="ul2" style="color: #000000; list-style-type: circle;">
 <li class="li3" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Setting-lastpass[.]com&nbsp;</li>
</ul>
<ul class="ul2" style="color: #000000; list-style-type: circle;">
 <li class="li3" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Backup-lastpass[.]com&nbsp;</li>
</ul>
<ul class="ul2" style="color: #000000; list-style-type: circle;">
 <li class="li3" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Lastpass-backups[.]com&nbsp;</li>
</ul>
Subject Lines:&nbsp;
<ul class="ul1" style="color: #000000;">
 <li class="li3" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">LastPass Server Maintenance: Backup Recommended&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li3" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">LastPass Maintenance Scheduled: Here's What You Need to Do&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li3" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Critical: Please Backup Your LastPass Vault Before Maintenance&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li3" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">LastPass Infrastructure Update: Secure Your Vault Now&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li3" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">LastPass Maintenance: Secure Your Data Today&nbsp;&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li3" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Important: LastPass Maintenance &amp; Your Vault Security&nbsp;</li>
</ul>
While this is always a best practice,&nbsp;we recommend you&nbsp;confirm any email claiming to be from LastPass&nbsp;are&nbsp;coming from legitimate LastPass email domains&nbsp;as this campaign is ongoing. The domains are listed&nbsp;below&nbsp;and more information can be found here: <a href="https://support.lastpass.com/s/document-item?language=en_US&amp;bundleId=lastpass&amp;topicId=LastPass/phishing_report.html&amp;_LANG=enus">Report a phishing email to LastPass</a>&nbsp;
<ul class="ul1" style="color: #000000;">
 <li class="li3" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">@lastpass.com&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li3" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">@sendgrid.com&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li3" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">@m.lastpass.com&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li3" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">@t.lastpass.com@ar.lastpass.com&nbsp;</li>
</ul>
Again, if you are ever unsure whether a LastPass branded email is legitimate,&nbsp;submit&nbsp;it to&nbsp;<a href="mailto:abuse@lastpass.com">abuse@lastpass.com</a>.&nbsp;
Original Post:&nbsp;
LastPass&nbsp;Threat Intelligence, Mitigation, and Escalation (TIME)&nbsp;would like to alert our customers&nbsp;to&nbsp;an&nbsp;active&nbsp;phishing campaign that&nbsp;began on or around January 19, 2026. These&nbsp;phishing emails are&nbsp;being sent&nbsp;from&nbsp;several&nbsp;email addresses&nbsp;with&nbsp;various&nbsp;subject lines&nbsp;claiming&nbsp;that&nbsp;LastPass is about&nbsp;to&nbsp;conduct maintenance and urging users to&nbsp;backup&nbsp;their vaults&nbsp;in the next 24 hours. The known list of email addresses&nbsp;and subject lines can be found below.&nbsp;&nbsp;&nbsp;
Please be advised&nbsp;that&nbsp;LastPass&nbsp;is&nbsp;NOT&nbsp;asking customers to&nbsp;backup&nbsp;their vaults in the next 24 hours; rather,&nbsp;this is an attempt on the part of&nbsp;a&nbsp;malicious actor to generate urgency in the mind of the recipient, a common tactic for social engineering and phishing emails.&nbsp;&nbsp;
The below image displays the body of&nbsp;an example&nbsp;email&nbsp;we have&nbsp;observed&nbsp;with&nbsp;a&nbsp;link purporting to take potential victims to a&nbsp;site that will&nbsp;supposedly allow&nbsp;recipients to create backups of their vault. Instead,&nbsp;this link&nbsp;will&nbsp;actually&nbsp;direct&nbsp;victims to a phishing site hosted at&nbsp;&ldquo;group-content-gen2.s3.eu-west-3.amazonaws[.]com/5yaVgx51ZzGf&rdquo;&nbsp;which then redirects to &ldquo;mail-lastpass[.]com.&rdquo;&nbsp;The timing of the campaign, which fell&nbsp;over a holiday weekend in the United States, is a common tactic among threat actors&nbsp;seeking&nbsp;to&nbsp;take advantage of reduced staffing under the assumption it will&nbsp;postpone detection and draw out response time.&nbsp;&nbsp;
Body of Current Phishing Email as of January 20, 2026
<img src="https://www.lastpass.com/-/media/d5b188257135407989134d0c48c84c7e.png" >
Please remember that no one at LastPass will&nbsp;ever ask for your master password.&nbsp;Rest assured,&nbsp;we are&nbsp;working&nbsp;with our third-party partners&nbsp;to have this domain taken down&nbsp;as soon as possible.&nbsp;In the meantime,&nbsp;please&nbsp;take the&nbsp;appropriate precautions&nbsp;and,&nbsp;as always, if you&nbsp;are ever unsure whether&nbsp;a&nbsp;LastPass branded&nbsp;email is&nbsp;legitimate,&nbsp; submit&nbsp;it to&nbsp;<a href="mailto:abuse@lastpass.com">abuse@lastpass.com</a>.&nbsp;We would like to thank our customers who have already&nbsp;submitted&nbsp;this email for their vigilance and&nbsp;commitment to keeping our community secure.&nbsp;&nbsp;
Malicious URLs and associated IPs:&nbsp;&nbsp;
<ul class="ul1" style="color: #000000;">
 <li class="li7" style="color: #211f1f; margin: 0px;">&ldquo;group-content-gen2.s3.eu-west-3.amazonaws[.]com/5yaVgx51ZzGf&rdquo;&nbsp;</li>
</ul>
<ul class="ul2" style="color: #000000; list-style-type: circle;">
 <li class="li7" style="color: #211f1f; margin: 0px;">Serving IP address at time of publication:&nbsp;52.95.155[.]90&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li7" style="color: #211f1f; margin: 0px;">&ldquo;mail-lastpass[.]com&rdquo;&nbsp;</li>
</ul>
<ul class="ul2" style="color: #000000; list-style-type: circle;">
 <li class="li7" style="color: #211f1f; margin: 0px;">Associated&nbsp;IP addresses&nbsp;at time of publication:&nbsp;&nbsp;</li>
</ul>
<ul class="ul3" style="color: #000000; list-style-type: square;">
 <li class="li7" style="color: #211f1f; margin: 0px;">104.21.86[.]78&nbsp;</li>
</ul>
<ul class="ul3" style="color: #000000; list-style-type: square;">
 <li class="li7" style="color: #211f1f; margin: 0px;">172.67.216[.]232&nbsp;</li>
</ul>
<ul class="ul3" style="color: #000000; list-style-type: square;">
 <li class="li7" style="color: #211f1f; margin: 0px;">188.114.97[.]3 &nbsp;</li>
</ul>
Header information:&nbsp;
From:&nbsp;&nbsp;
<ul class="ul1" style="color: #000000;">
 <li class="li7" style="color: #211f1f; margin: 0px;">support@sr22vegas[.]com&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li7" style="color: #211f1f; margin: 0px;">support@lastpass[.]server8&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li7" style="color: #211f1f; margin: 0px;">support@lastpass[.]server7&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li7" style="color: #211f1f; margin: 0px;">support@lastpass[.]server3&nbsp;</li>
</ul>
Associated&nbsp;IPs:&nbsp;&nbsp;
<ul class="ul1" style="color: #000000;">
 <li class="li7" style="color: #211f1f; margin: 0px;">192.168.16[.]19&nbsp;&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li7" style="color: #211f1f; margin: 0px;">172.23.182.202&nbsp;</li>
</ul>
Subjects:&nbsp;
<ul class="ul1" style="color: #000000;">
 <li class="li7" style="color: #211f1f; margin: 0px;">LastPass Infrastructure Update: Secure Your Vault Now&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li3" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Your Data, Your Protection: Create a Backup Before Maintenance&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li3" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Don't&nbsp;Miss Out: Backup Your Vault Before Maintenance&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li3" style="color: rgba(0, 0, 0, 0.85); margin: 0px;">Important: LastPass Maintenance &amp; Your Vault Security&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li8" style="color: rgba(0, 0, 0, 0.85); background-color: #ffffff; margin: 0px;">Protect Your Passwords: Backup Your Vault (24-Hour Window)&nbsp;</li>
</ul>

January 2026 Phishing Campaign Targeting LastPass Customers [UPDATE] 

Another wave of phishing emails using similar tactics has been sent from the same threat actors on January 19. 

January 2026 Phishing Campaign Targeting LastPass Customers [UPDATE]

What Are Zero-Day Exploits, and Why Are They So Dangerous in 2026? 

<ul class="ul1" style="color: #000000;">
 <li class="li1" style="margin: 0px;">&bull; A zero-day exploit is specially crafted&nbsp;code&nbsp;or a technique&nbsp;an&nbsp;attacker uses to weaponize a discovered vulnerability in a target system.&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li1" style="margin: 0px;">Zero-day exploits are dangerous because they hit before anyone knows a flaw exists, giving attackers an opportunity&nbsp;to&nbsp;steal&nbsp;passwords, drain accounts, and&nbsp;exfiltrate&nbsp;trade secrets.&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li1" style="margin: 0px;">CVE-2021-30116&nbsp;and CVE-2025-6554 are prime examples of zero-day exploits in action.&nbsp; &nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li1" style="margin: 0px;">There are seven (7) stages in a zero-day&nbsp;exploit&nbsp;lifecycle;&nbsp;#6 is where lack of visibility complicates your response to an attack.&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li1" style="margin: 0px;">The biggest struggle for many businesses&nbsp;isn&rsquo;t&nbsp;the zero-day itself.&nbsp;It&rsquo;s&nbsp;lacking clear visibility into&nbsp;SaaS usage, making it difficult to assess exposure or respond effectively.&nbsp;</li>
</ul>
<ul class="ul1" style="color: #000000;">
 <li class="li3" style="margin: 0px;">With LastPass SaaS monitoring, you get full SaaS visibility and centralized identity&nbsp;controls, which lets you&nbsp;quickly verify zero-day affected apps, rotate credentials, and secure access as soon as the vendor releases a patch.&nbsp;&nbsp;</li>
</ul>

Key takeaways: Zero-day exploits

FAQs: Zero-day exploit

Learn about zero-day exploits and how with LastPass SaaS monitoring, you get full SaaS visibility and centralized identity controls, which lets you quickly verify zero-day affected apps,

One chapter in the saga of infostealer malware has ended&mdash;at least for now&mdash;after a global law enforcement takedown of Lumma Stealer in mid-May. US, European, and Japanese authorities, with the help of tech companies including Microsoft and Cloudflare, took down, suspended, and blocked approximately 2,300 malicious domains that made up part of the infostealer&rsquo;s backbone. The FBI also seized domains that served as login panels allowing other criminals to access and use the infostealer. Although, this seizure is intended to effectively prevent criminals from being able to access Lumma to compromise computers and steal data, the overall stealer threat will remain prevalent for the foreseeable future. 
(Interested in learning more about the infostealer threat outlook? Read the LastPass TIME team&rsquo;s threat predictions and analysis on <a href="https://blog.lastpass.com/posts/2025-cybersecurity-trends">what direction infostealers and other threats are heading</a>.) 
<h2>What is Lumma?</h2>
 
Lumma Stealer, also known as LummaC2, dominated the expanding stealer market with significant campaigns since it emerged as early as late 2022. Since its initial release, Lumma&rsquo;s developers have released multiple upgraded versions of the software. Before the malware-as-a-service (MaaS) platform was dismantled, the FBI linked Lumma to around <a href="https://www.malwarebytes.com/blog/news/2025/05/lumma-information-stealer-infrastructure-disrupted">10 million infections</a> globally. Lumma&rsquo;s follow-on attacks involving stealing credentials, cryptocurrency data, and credit card information have resulted in an estimated <a href="https://cyberscoop.com/lumma-infostealer-widespread-victims/">$36.5 million USD</a> in credit card theft in 2023. The malware hit individuals and a wide range of industries, including Fortune 500 companies, airlines, universities, banks, and hospitals. 
What makes this stealer particularly effective is that it continues to evolve to bypass security layers even as defenders are responding to the threat. On top of grabbing browser-stored passwords and cookies, it&rsquo;s also capable of extracting autofill data, email credentials, File Transfer Protocol (FTP) data, and two-factor authentication tokens and backup codes. Using its MaaS platform, its creators sold access to the malware on multiple underground markets and platforms like Telegram. 
<h2>What comes next?</h2>
 
This takedown is a major win for law enforcement and will help disrupt the initial access broker ecosystem in the near term. However, this is an ecosystem that has demonstrated its resilience again and again. The number of existing infostealer families, the open access to numerous source codes of previous infostealers, and the constant demand create a lucrative environment with very low barriers to entry. Given the resiliency of this market, other infostealer will likely quickly step in and fill in the gaps left after the Lumma takedown. 
A similar pattern previously played out with other similar takedowns. On October 28, 2024, Operation Magnus disrupted the RedLine and META infostealers. RedLine was a significant stealer last year up until the takedown, after which Lumma grew in popularity and took over a portion of the market share previously held by RedLine. Redline infected 9.9 million hosts, or 43% of all infostealer infections observed by Flashpoint in 2024. The next four most-prolific infostealers in 2024, including RisePro, SteaC, Lumma Stealer, and Meta Stealer, infected a <a href="https://cyberscoop.com/infostealers-cybercrime-surged-2024-flashpoint/">combined 7 million hosts</a>. 
We expect to see something similar following the Lumma Stealer takedown operation. The disruption effect following takedown is real, but there are still some new infections and logs for sale that were likely stolen before the infrastructure was taken down. Additionally, just because Lumma&rsquo;s infrastructure was dismantled, a lot of the data it stole likely continues to live on the dark web&mdash;thanks to the cybercriminal ecosystem that resells this information. Additionally, <a href="https://blog.checkpoint.com/security/lumma-infostealer-down-but-not-out/">CheckPoint</a> reported Lumma&rsquo;s developers are already trying to rebuild and restart their operations, which may or may not be successful.&nbsp;As SpyCloud&rsquo;s <a href="https://www.linkedin.com/posts/thilligoss_lummatakedown-lummareallynowork-stealc-activity-7332888157480198146-u94p">Trevor Hilligoss shared</a>, daily new Lumma infections have trended downward following the takedown but not as much as expected. Continued monitoring will be necessary to determine the takedown&rsquo;s impact. 
Long-standing groups such as Vidar and Stealc are good examples of this, but other newer families, such as Acreed, will also be well positioned to increase their market share. <a href="https://www.bleepingcomputer.com/news/security/russian-market-emerges-as-a-go-to-shop-for-stolen-credentials/">ReliaQuests</a> already reported Acreed is rapidly gaining traction following the Lumma takedown. <a href="https://webz.io/dwp/acreed-infostealer-everything-we-know-so-far/">Over 4,000 logs</a> stolen by Acreed were reportedly uploaded to the Russian Market within its first week of operations.&nbsp;Nexus has also gained some traction over the last week in Lumma&rsquo;s absence. Further, former affiliates and/or administrators associated with Lumma itself may split off to create their own offerings.

<img src="https://cdn.lputil.com/-/media/ffef2d4ef9d544babc2169a6d0274059.jpg?h=310&amp;w=624" >&nbsp;
Daily new LummaC2 infections (Source: Trevor Hilligoss)
<h2>How to protect yourself against infostealers</h2>
The threat from infostealers will remain very real for the foreseeable future and continue to adapt. Oftentimes, stealers are used in indiscriminate campaigns. Additionally, the sheer volume of data that has been dumped on the internet is immense. That means anyone is fair game and should take action to protect themselves following that assumption that they could be targeted. 
<ul>
 <li>Use strong, unique passwords for every account. This will prevent credential stuffing attacks, which is a common tactic where threat actors insert stolen usernames and passwords. That way, if one password is exposed, it won&rsquo;t give access to all your other accounts where you reuse the same password. Also, consider using a password manager to securely and conveniently store them.</li>
 <li>Enable MFA on your accounts. While this measure isn&rsquo;t failproof on its own, it adds an additional layer of defense and makes you a harder target.</li>
 <li>Be on guard for phishing attempts. Infostealers often spread through phishing emails and malicious downloads. </li>
 <li>Check HaveIBeenPwned to monitor potential exposure if you&rsquo;re worried you may have been infected by an infostealer. </li>
</ul>

What the Lumma stealer takedown means for the infostealer market and your personal data

Lumma Stealer, also known as LummaC2, dominated the expanding stealer market with significant campaigns since it emerged as early as late 2022

Dark Side of the Lumma: What the Lumma stealer takedown means for the infostealer market and your personal data

Passkey vs Password: Which is More Secure? | LastPass

Explore the differences between passkeys and passwords. Learn how LastPass enhances security and simplifies access with advanced authentication methods.

Blog

Blog

Recent

News & Insights

Cybersecurity

Product Tutorials

Threat Intel

Product Updates

Tips And Tricks

LastPass Launches New SaaS Protect Features to Enhance Secure Access Controls Over Unapproved Apps

Dark Side of the Lumma: What the Lumma stealer takedown means for the infostealer market and your personal data

Passkeys Explained: Will Passwords Ever Go Away?

LastPass Recognized as a Top Software Product in the 2026 G2 Best Software Awards

32% of Small Businesses Would Close from a $10,000 Loss – Here's How Adaptive Authentication Prevents It

Subscribe & Save 20% off Premium or Families plans

Protecting Customers: Details on Hardening in Response to ETH Zurich-Reported Security Issues

What Are the 9 Essential Elements of a Cyber Resilience Strategy in 2026?

What the 2026–2028 NSW Government Cyber Security Strategy Reveals About Identity Resilience

26 Major Breach Studies Expose Critical Gaps: Your Cyber Resilience Strategy for 2026

Your Small Business Guide to Agentic AI Identity & Access Management (2026)

The Phish Bowl Explores How Identity is Under Attack, Scattered LAPSUS$ Hunters, and Cybercrime Trends

What Is AI Agent Authentication, and Why Does Your Small Business Need It in 2026?

January 2026 Phishing Campaign Targeting LastPass Customers [UPDATE]

What Are Zero-Day Exploits, and Why Are They So Dangerous in 2026?