Browser Security

LastPass Breach Data Fuels Crypto Theft Campaigns Through 2025

Nishant Sharma

29 Dec 2025 — 1 min read

This newsletter is AI generated and may hallucinate sometimes 😊

Stolen LastPass Backups Fuel Ongoing Cryptocurrency Theft Campaigns

Attackers are leveraging data stolen from LastPass backups in previous breaches to facilitate cryptocurrency theft campaigns that are expected to continue through 2025.
The compromised data includes encrypted vaults, which, if decrypted using stolen master passwords, can expose sensitive information such as cryptocurrency wallet seed phrases and private keys.
Users who stored cryptocurrency-related information in LastPass and whose master passwords might have been weak or reused are at significant risk and should immediately migrate funds, rotate passwords, and enable stronger multi-factor authentication.

Source: SecurityAffairs | Date: December 28, 2025

References

Stolen LastPass backups enable crypto theft through 2025 - SecurityAffairs

Read more

PDF.js Critical JavaScript Library Flaws Addressed: Update Urgently

This newsletter is AI generated and may hallucinate sometimes 😊 * Mozilla's PDF.js, a popular open-source JavaScript library widely used for in-browser PDF rendering, has addressed critical code injection and crash vulnerabilities. * The code injection flaw could enable attackers to execute arbitrary JavaScript code within a user's

Blesta XSS Flaw Poses Client-Side Risk to Management Portals

This newsletter is AI generated and may hallucinate sometimes 😊 Blesta Reflected XSS Flaw Endangers Client Management Portals * A reflected Cross-Site Scripting (XSS) vulnerability, tracked as KIS-2026-01, has been identified in Blesta versions up to 5.13.1, specifically affecting the confirm_url parameter. * This flaw enables attackers to inject arbitrary

Chrome, Foxit & Open VSX Address Critical Browser & Extension Security

This newsletter is AI generated and may hallucinate sometimes 😊 Foxit Releases Security Updates for PDF Editor Cloud XSS Vulnerabilities * Foxit released security updates for its PDF Editor Cloud, addressing multiple Cross-Site Scripting (XSS) vulnerabilities. * These XSS flaws could allow attackers to inject malicious scripts into web pages viewed by users,

Firefox & Foxit: New AI Privacy Controls and Critical JavaScript Flaws

This newsletter is AI generated and may hallucinate sometimes 😊 Mozilla Firefox Introduces One-Click Option to Disable Generative AI Features * Mozilla Firefox has added a new user-friendly option that allows users to disable all generative AI features within the browser with a single click. * This feature, currently rolling out in the