LastPass Customers Exposed — Again

LastPass has suffered another data breach, adding to its already troubled security track record. This time, the compromise originated at Klue, an AI business intelligence firm, where attackers stole access tokens and used them to pull data from Salesforce and other integrated platforms.

Exposed data includes:

  • Names and physical addresses
  • Phone numbers and email addresses
  • Support case data and sales-related information

LastPass stressed that its core password vault infrastructure was not affected. However, the company urged customers to stay alert:

"We recommend that customers remain vigilant of potential phishing attacks or social engineering attempts, which could leverage exposed contact details."


Microsoft and Europol Disrupt Major Infostealer Networks

Microsoft, Europol, and partners announced the disruption of infrastructure behind two widely used infostealers — Amadey and StealC — as part of Operation Endgame. The coordinated action targeted 326 servers and 142 domains.

Key outcomes:

  • ~$47 million in stolen cryptocurrency flagged
  • Up to 27 million stolen credentials recovered
  • AI-assisted analysis revealed both malware families shared backend infrastructure, enabling a joint takedown


Australia Finds Nation-State Hackers Prepping Critical Infrastructure Sabotage

Australia's Security and Intelligence Organisation (ASIO) revealed this week that foreign state-sponsored hackers had penetrated the network of an Australian critical infrastructure provider and were preparing for sabotage.

"ASIO assessed the hackers were preparing for sabotage. They were mapping out the network and maintaining access so they could cripple it at a time of their choosing," said ASIO Director General Mike Burgess.

The attackers also obtained login credentials for active network users, including IT security staff. ASIO is now establishing dedicated teams to counter nation-state cyber threats to critical infrastructure.


John Bolton Pleads Guilty to Mishandling Classified Data

Former national security adviser John Bolton, 77, pleaded guilty to a single count of illegally retaining classified defense information. His plea deal recommends a prison sentence of no more than five years, along with a $2.25 million fine.

Sentencing is scheduled for October 28 before US District Judge Theodore Chuang. Bolton can withdraw his plea if the judge imposes harsher terms than those outlined in the agreement.


Other Stories on Our Radar

  • Dialog group breach: The private Peter Thiel-linked organization blamed a "criminal" hacker, but evidence points to a website misconfiguration that exposed members' data — including a White House intelligence official and an active-duty special operations officer.
  • Anthropic's Claude models: After negotiations with the White House, Anthropic received permission to make its Mythos 5 model available to select US companies and government agencies.
  • OpenAI's cybersecurity push: OpenAI launched an upgraded GPT-5.5-Cyber model and a new initiative — "Patch the Planet" — aimed at supporting open source vulnerability patching as AI accelerates both bug discovery and exploit development.
  • World Cup scams: With the knockout stage approaching, fraud schemes tied to the tournament are growing increasingly difficult to detect.