Find notable cyber news and cases, enriched with sources, timelines, and signals.

Bitwarden LastPass Dashlane and 1Password vault compromise flaws security flaw

Vulnerability
First reported
Last updated
Happening score
H score 41
1 unique sources, 1 articles

Summary

Hide ▲

Bitwarden, LastPass, Dashlane and 1Password were found to have cloud password manager vulnerabilities that could let an attacker view, change, recover, or delete vault passwords. Researchers detailed 27 attack scenarios spanning key escrow, vault encryption, sharing, and backward compatibility weaknesses. The findings undermine the vendors’ zero-knowledge encryption claims and show how server-side manipulation or weak cryptographic binding could expose entire vaults.

Related Happenings

Dashlane personal-plan users' encrypted vault exposure

Data Leak
H score26 First: 02.06.2026 06:55 Last: 02.06.2026 06:55 Sources 1

About this happening: On **May 31, 2026**, Dashlane disclosed that an **external brute-force account attack** led to **encrypted vaults** being downloaded for **fewer than 20 personal-plan users**, cre...

Dashlane password manager account lockouts from brute-force attacks

Service Disruption
H score12 First: 01.06.2026 21:17 Last: 01.06.2026 21:17 Sources 1

About this happening: **Dashlane** experienced a **temporary account-access disruption** after **brute-force login attempts** triggered security lockouts for some users. The affected accounts were late...

Bitwarden hit by network compromise

Incident
H score34 First: 23.04.2026 22:21 Last: 23.04.2026 22:21 Sources 1

About this happening: **Bitwarden**'s **@bitwarden/cli** distribution channel was compromised when a malicious package briefly appeared on **npm**, putting developers who installed it at risk of **cred...

Bitwarden adds passkey login for Windows 11 sign-in

Security Tool/Service
H score11 First: 05.03.2026 00:34 Last: 05.03.2026 00:34 Sources 1

About this happening: **Bitwarden** added **passkey login** for **Windows 11**, expanding passwordless sign-in and reducing phishing exposure for users who store credentials in the vault.

Cloud password-manager zero-knowledge attack study exposes vault-recovery and integrity flaws

Technical Analysis
H score58 First: 16.02.2026 20:06 Last: 16.02.2026 20:06 Sources 1

About this happening: A new **password-manager security study** found **25 attack classes** against **Bitwarden**, **LastPass**, **Dashlane**, and **1Password**, undermining **zero-knowledge encryption...

Timeline

  1. 16.02.2026 19:15 2 articles · 4mo ago

    Researchers publish cloud password manager flaw findings

    Initial Disclosure

    Researchers from ETH Zurich and the Università della Svizzera italiana (USI) published a peer-reviewed paper on February 16, 2026 describing 27 successful attack scenarios against Bitwarden, LastPass, Dashlane and 1Password cloud-based password managers; the work says flaws such as unauthenticated public keys, lack of ciphertext integrity, insufficient key separation and missing cryptographic binding can let an attacker view, change or recover vault passwords, and Bitwarden, LastPass and Dashlane reported that remediation is underway.

    Show sources