Vulnerabilities in Password Managers allow Attackers to view and change passwords

A team of security researchers discovered a set of vulnerabilities in four popular cloud-based password managers that would allow attackers to view and change passwords stored in victim's vaults.

Twenty-seven attack scenarios recently published targeting password manager services from Bitwarden, LastPass, Dashlane, and 1Password.
The attacks ranged from integrity violations to the complete compromise of ALL vaults in an organization.
The published paper here.

Apple patches everything February 11, 2025

 iOS, iPadOS, macOS, tvOS, watchOS, and visionOS
Addressing 71 vulnerabilities 

Microsoft Patch Tuesday update Feb 10, 2025

Patch for 58 vulnerabilities 
6 actively exploited
3 publicly disclosed

• 25 Elevation of Privilege vulnerabilities
• 5 Security Feature Bypass vulnerabilities
• 12 Remote Code Execution vulnerabilities
• 6 Information Disclosure vulnerabilities
• 3 Denial of Service vulnerabilities
• 7 Spoofing vulnerabilities

Critical Out of Band Microsoft updates to Windows, Office, and Outlook January 24, 2026

Updates to Windows to fix an update to windows. Update to Office for a vulnerability from a local account. So clicking or opening an Office file.
I am seeing potential exploits from other Sun City residents. Are you?

Windows KB5078127

License Plate Readers

 Several license plate readers on entries and exits from Sun City.
Due to a vulnerability a database of Flock, the company deploying most of the license plate readers across the United states the data was not redacted.
To see where your license plate was captured and not redacted use Have I Been Flocked.

https://haveibeenflocked.com

Similar to Have I Been Pwoned for email and account information from data breaches
https://haveibeenpwned.com/

Of course you or any other person on the planet can search for any license plate and find locations recorded.

LastPass requests you create a backup of your password valt - with urgency

 PLEASE do NOT respond or action a request from LastPass to create a(nother) backup of your password vault. This is a  recent phishing campaign.
Instead of obtaining your vault password, they gain access to your ENTIRE password vault.

Browser Extension's Logo containing malware

  GhostPoster malware. 
Browser extensions can have a logo. An icon displayed as part of the browser extension.
GhostPoster malware adds JavaScript after a marker. 
So the extension displays the logo and executes the extension function as normal.
BUT the PNG logo delivers the malicious JavaScript code past most defenses.

Seven years undetected. 8 million instances, over 1 million victims.

Even more stealth. The malware loader uses several sites. The loader waits 48 hours. The loader only executes the load 10% of the time. 

Information on GhostPoster in recent.