VulnHub

Real-time Cybersecurity News

Experts Trace $35m in Stolen Crypto to LastPass Breach

Infosecurity Magazine
Actively Exploited
Data Breach

Overview

A report from TRM Labs has traced $35 million in stolen cryptocurrency back to a breach of LastPass that occurred in 2022. The breach reportedly led to attackers draining funds from users' wallets, raising significant concerns about the security of password management systems. LastPass has faced scrutiny due to this incident, as it underscores the potential risks for users relying on such services to safeguard sensitive information. This situation serves as a reminder for individuals to remain vigilant about their online security practices, especially when it comes to managing passwords and sensitive financial data. Users are encouraged to review their wallet security and consider additional protective measures.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: LastPass, cryptocurrency wallets
  • Action Required: Users should review their wallet security, change passwords, enable two-factor authentication, and monitor for unauthorized transactions.
  • Timeline: Ongoing since 2022

Original Article Summary

TRM Labs says it has recorded $35m drained from users’ wallets following 2022 LastPass breach

Impact

LastPass, cryptocurrency wallets

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since 2022

Remediation

Users should review their wallet security, change passwords, enable two-factor authentication, and monitor for unauthorized transactions.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Data Breach.

Read Original Article

Related Coverage

Cyber-Attacks Surge 63% Annually in Education Sector

Infosecurity Magazine

According to a report from Quorum Cyber, educational institutions, both higher and further education, have seen a significant rise in cyber-attacks, with incidents increasing by 63% over the past year. This surge in attacks poses serious risks to the sensitive data of students and staff, as well as the integrity of educational operations. Cybercriminals are increasingly targeting schools and universities, exploiting vulnerabilities that may arise from outdated systems or inadequate security measures. The findings serve as a wake-up call for educational institutions to bolster their cybersecurity defenses and protect against potential breaches. As these attacks grow more frequent, the need for proactive security measures becomes even more urgent.

Apr 23, 2026

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

SecurityWeek

Researchers at Palo Alto Networks have introduced a new tool named Zealot, designed for penetration testing in cloud environments. This AI-driven system can perform tasks such as reconnaissance, exploitation, and data exfiltration with minimal human intervention. The implications of this technology are significant, as it could potentially enable attackers to automate hacking processes, making it easier for them to compromise cloud systems. Companies that rely on cloud infrastructure should be aware of this development, as it raises concerns about the security of their data and systems. The ability of AI to autonomously conduct cyberattacks underscores the need for enhanced security measures and vigilance in cloud environments.

Apr 23, 2026

'Zealot' Shows What AI's Capable of in Staged Cloud Attack

darkreading

A recent proof of concept has demonstrated that AI-driven attacks can occur faster than human defenders can react. This experiment showed that the AI exhibited more autonomous behavior than researchers initially anticipated, raising concerns about the future of cybersecurity defenses. The implications are significant, as organizations may struggle to keep pace with these rapidly evolving threats. If AI continues to advance in this manner, it could lead to more sophisticated and effective cyberattacks, putting sensitive data and systems at greater risk. Companies need to consider how to integrate AI into their security strategies to better prepare for these potential challenges.

Apr 23, 2026

GopherWhisper APT group hides command and control traffic in Slack and Discord

Help Net Security

A new advanced persistent threat group, identified as GopherWhisper, has been linked to cyberattacks targeting a Mongolian government entity. This group, which appears to be aligned with China, is utilizing popular collaboration tools like Slack and Discord to conceal its command and control communications. By embedding malicious traffic within normal enterprise activities, they are making detection more difficult. This trend of leveraging widely used platforms for malicious purposes raises concerns for organizations that rely on these tools for communication and collaboration. As attackers continue to innovate in their methods, it is crucial for companies to remain vigilant and enhance their security measures to protect against such tactics.

Apr 23, 2026

Recent Microsoft Defender Vulnerability Exploited as Zero-Day

SecurityWeek

A newly discovered vulnerability in Microsoft Defender has been exploited as a zero-day, allowing attackers to access the Security Account Manager (SAM) database. This flaw enables them to extract NTLM hashes, potentially granting them system-level privileges. This is particularly concerning as it affects a widely used security solution, which could put numerous systems at risk. Organizations using Microsoft Defender should be vigilant, as this exploitation may lead to unauthorized access to sensitive data and systems. The urgency of addressing this vulnerability cannot be overstated, given its potential impact on user security.

Apr 23, 2026

Cyberattacks increasingly caused by unchecked AI agents

SCM feed for Latest

A report from Infosecurity Magazine warns that organizations are increasingly vulnerable to cyberattacks due to a lack of effective strategies for managing AI agents. As companies adopt AI technologies without appropriate oversight, the risk of these systems being exploited by attackers rises. This situation poses a significant threat to data security and system integrity, as poorly governed AI can facilitate malicious activities. Organizations that fail to implement clear guidelines for AI use may find themselves facing increased incidents of cybersecurity breaches. Addressing this issue is crucial for protecting sensitive information and maintaining trust in digital systems.

Apr 22, 2026