LastPass and Bitwarden users flooded with fake compliance emails
Don’t click on any links in the fake email.

Image by Cybernews.
- LastPass warned users about phishing emails that try to steal master passwords through fake security notices.
- The emails use fake LastPass and Bitwarden domains and direct users to sites offering malicious downloads.
- Microsoft and Cloudflare confirmed the linked download site is malicious, while LastPass works to remove the domains.
- Users should avoid links in these emails, never enter passwords there, and change exposed master passwords immediately.
Key Takeaways by nexos.ai, reviewed by Cybernews staff.
LastPass is warning its users to be vigilant for an active phishing campaign, designed to steal master passwords. Bitwarden customers are receiving similar emails.
The phishing emails are being sent from a domain ‘lastpassnewsletter.com,’ which was registered on July 13th, 2026.
According to the password manager, the emails are designed to look like an official LastPass security notice. The bogus message encourages recipients to review LastPass’s updated security policies. Anyone who doesn’t agree with the new terms may lose access to their password manager, the message states.
Users who click on the provided URL are being redirected to ‘lastpasscompliance.com.’ The domain attempts to impersonate DocuSign, an American software company that provides tools for securely signing and sending electronic agreements.
Visitors are encouraged to download a file that’s supposed to be DocuSign software. Instead, the file has been classified as malicious by Microsoft and Cloudflare. What the malware actually does remains unclear.
Stay updated with our latest stories and follow us on social media
Be the first to discover new stories, ideas, and updates from our team.
“The site has been confirmed malicious by Microsoft Defender for Office 365 and Cloudflare. We are investigating the nature of the download and will update this post as findings are confirmed. We are working with our partners to have these domains taken down as quickly as possible,” LastPass says in a blog post detailing the phishing campaign.
On Reddit, Bitwarden users report receiving the same phishing email, only supposedly from Bitwarden.
The tactics, techniques, and procedures (TTPs) of the phishing campaign are the same. Scammers send false messages from the ‘bitwardennewsletter.com’ domain to unsuspecting users. Clicking the link in the email redirects them to ‘bitwardencompliance.com,’ where users can download malicious software.
LastPass or Bitwarden users who receive the fake email shouldn’t click on any links in the message. In addition, it’s recommended to never enter login credentials on any site they reach from this email.
Lastly, if users have entered their master password for their password manager on the phishing site, they should change it immediately and review their vault for any unexpected activity.