home.social

#passwords — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #passwords, aggregated by home.social.

  1. Lifehacker: The LastPass Data Breach Settlement Could Net You a Big Payout. “If you were a LastPass user affected by major security breaches in 2022, you might be eligible for a cash payout—possibly a really big one. The company is paying out benefits to those affected by breaches that compromised user vaults, and some people could be getting five-figure payments..”

    https://rbfirehose.com/2026/05/28/lifehacker-the-lastpass-data-breach-settlement-could-net-you-a-big-payout/
  2. Credential Stealer EKZ Delivered via FortiClient EMS Exploitation

    Attackers exploited CVE-2026-35616 in FortiClient EMS. Threat actors changes EMS settings and pushed a malicious VPN script to endpoints. The script downloaded EKZ Infostealer, disguised as a Fortinet patch. The malware steals browser passwords, cookies, and autofill data.

    Pulse ID: 6a1879e13827c581e8b73eb4
    Pulse Link: otx.alienvault.com/pulse/6a187
    Pulse Author: cryptocti
    Created: 2026-05-28 17:22:41

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #Cookies #CyberSecurity #Endpoint #InfoSec #InfoStealer #Malware #OTX #OpenThreatExchange #Password #Passwords #VPN #Word #bot #cryptocti

  3. Credential Stealer EKZ Delivered via FortiClient EMS Exploitation

    Attackers exploited CVE-2026-35616 in FortiClient EMS. Threat actors changes EMS settings and pushed a malicious VPN script to endpoints. The script downloaded EKZ Infostealer, disguised as a Fortinet patch. The malware steals browser passwords, cookies, and autofill data.

    Pulse ID: 6a1879e15c8f2d2d2cf72b60
    Pulse Link: otx.alienvault.com/pulse/6a187
    Pulse Author: cryptocti
    Created: 2026-05-28 17:22:41

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #Cookies #CyberSecurity #Endpoint #InfoSec #InfoStealer #Malware #OTX #OpenThreatExchange #Password #Passwords #VPN #Word #bot #cryptocti

  4. Credential Stealer EKZ Delivered via FortiClient EMS Exploitation

    Attackers exploited CVE-2026-35616 in FortiClient EMS. Threat actors changes EMS settings and pushed a malicious VPN script to endpoints. The script downloaded EKZ Infostealer, disguised as a Fortinet patch. The malware steals browser passwords, cookies, and autofill data.

    Pulse ID: 6a1879e2d85be08873d89445
    Pulse Link: otx.alienvault.com/pulse/6a187
    Pulse Author: cryptocti
    Created: 2026-05-28 17:22:42

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #Cookies #CyberSecurity #Endpoint #InfoSec #InfoStealer #Malware #OTX #OpenThreatExchange #Password #Passwords #VPN #Word #bot #cryptocti

  5. Credential Stealer EKZ Delivered via FortiClient EMS Exploitation

    Attackers exploited CVE-2026-35616 in FortiClient EMS. Threat actors changes EMS settings and pushed a malicious VPN script to endpoints. The script downloaded EKZ Infostealer, disguised as a Fortinet patch. The malware steals browser passwords, cookies, and autofill data.

    Pulse ID: 6a187a5035303b62f8e49196
    Pulse Link: otx.alienvault.com/pulse/6a187
    Pulse Author: cryptocti
    Created: 2026-05-28 17:24:32

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #Cookies #CyberSecurity #Endpoint #InfoSec #InfoStealer #Malware #OTX #OpenThreatExchange #Password #Passwords #VPN #Word #bot #cryptocti

  6. Credential Stealer EKZ Delivered via FortiClient EMS Exploitation

    Attackers exploited CVE-2026-35616 in FortiClient EMS. Threat actors changes EMS settings and pushed a malicious VPN script to endpoints. The script downloaded EKZ Infostealer, disguised as a Fortinet patch. The malware steals browser passwords, cookies, and autofill data.

    Pulse ID: 6a187acb35f351993fe5e76b
    Pulse Link: otx.alienvault.com/pulse/6a187
    Pulse Author: cryptocti
    Created: 2026-05-28 17:26:35

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Browser #Cookies #CyberSecurity #Endpoint #InfoSec #InfoStealer #Malware #OTX #OpenThreatExchange #Password #Passwords #VPN #Word #bot #cryptocti

  7. Synology is shuttering their C2 password manager. End of life is June 22, 2027, 6 years after its announcement.

    kb.synology.com/en-us/C2/tutor

  8. Android Trojan Abuses Commercial Rooting Tool and Steals Private Information

    Rootnik is an Android trojan that exploits vulnerabilities in Android 4.3 and earlier by weaponizing a Chinese commercial rooting tool called Root Assistant. The malicious operation spreads through repackaged legitimate applications distributed globally, affecting users primarily in the United States, Malaysia, Thailand, Lebanon and Taiwan. After installation, Rootnik gains root access using stolen exploits, installs four persistent APK files to the system partition, and performs aggressive app promotion campaigns. The trojan silently installs and uninstalls applications, downloads and executes code remotely, and harvests sensitive data including WiFi passwords, location information, device identifiers, and MAC addresses. The malware maintains command and control infrastructure through multiple domains and generates revenue through aggressive advertising that interrupts user activity regardless of the current application.

    Pulse ID: 6a123f4adef80b0c4d8ccd35
    Pulse Link: otx.alienvault.com/pulse/6a123
    Pulse Author: AlienVault
    Created: 2026-05-23 23:59:06

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APK #Android #Chinese #CyberSecurity #InfoSec #Mac #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #Thailand #Trojan #UnitedStates #Word #bot #AlienVault

  9. Android Trojan Abuses Commercial Rooting Tool and Steals Private Information

    Rootnik is an Android trojan that exploits vulnerabilities in Android 4.3 and earlier by weaponizing a Chinese commercial rooting tool called Root Assistant. The malicious operation spreads through repackaged legitimate applications distributed globally, affecting users primarily in the United States, Malaysia, Thailand, Lebanon and Taiwan. After installation, Rootnik gains root access using stolen exploits, installs four persistent APK files to the system partition, and performs aggressive app promotion campaigns. The trojan silently installs and uninstalls applications, downloads and executes code remotely, and harvests sensitive data including WiFi passwords, location information, device identifiers, and MAC addresses. The malware maintains command and control infrastructure through multiple domains and generates revenue through aggressive advertising that interrupts user activity regardless of the current application.

    Pulse ID: 6a123f4adef80b0c4d8ccd35
    Pulse Link: otx.alienvault.com/pulse/6a123
    Pulse Author: AlienVault
    Created: 2026-05-23 23:59:06

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APK #Android #Chinese #CyberSecurity #InfoSec #Mac #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #Thailand #Trojan #UnitedStates #Word #bot #AlienVault

  10. Android Trojan Abuses Commercial Rooting Tool and Steals Private Information

    Rootnik is an Android trojan that exploits vulnerabilities in Android 4.3 and earlier by weaponizing a Chinese commercial rooting tool called Root Assistant. The malicious operation spreads through repackaged legitimate applications distributed globally, affecting users primarily in the United States, Malaysia, Thailand, Lebanon and Taiwan. After installation, Rootnik gains root access using stolen exploits, installs four persistent APK files to the system partition, and performs aggressive app promotion campaigns. The trojan silently installs and uninstalls applications, downloads and executes code remotely, and harvests sensitive data including WiFi passwords, location information, device identifiers, and MAC addresses. The malware maintains command and control infrastructure through multiple domains and generates revenue through aggressive advertising that interrupts user activity regardless of the current application.

    Pulse ID: 6a123f4adef80b0c4d8ccd35
    Pulse Link: otx.alienvault.com/pulse/6a123
    Pulse Author: AlienVault
    Created: 2026-05-23 23:59:06

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APK #Android #Chinese #CyberSecurity #InfoSec #Mac #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #Thailand #Trojan #UnitedStates #Word #bot #AlienVault

  11. Android Trojan Abuses Commercial Rooting Tool and Steals Private Information

    Rootnik is an Android trojan that exploits vulnerabilities in Android 4.3 and earlier by weaponizing a Chinese commercial rooting tool called Root Assistant. The malicious operation spreads through repackaged legitimate applications distributed globally, affecting users primarily in the United States, Malaysia, Thailand, Lebanon and Taiwan. After installation, Rootnik gains root access using stolen exploits, installs four persistent APK files to the system partition, and performs aggressive app promotion campaigns. The trojan silently installs and uninstalls applications, downloads and executes code remotely, and harvests sensitive data including WiFi passwords, location information, device identifiers, and MAC addresses. The malware maintains command and control infrastructure through multiple domains and generates revenue through aggressive advertising that interrupts user activity regardless of the current application.

    Pulse ID: 6a123f4adef80b0c4d8ccd35
    Pulse Link: otx.alienvault.com/pulse/6a123
    Pulse Author: AlienVault
    Created: 2026-05-23 23:59:06

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APK #Android #Chinese #CyberSecurity #InfoSec #Mac #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #Thailand #Trojan #UnitedStates #Word #bot #AlienVault

  12. Android Trojan Abuses Commercial Rooting Tool and Steals Private Information

    Rootnik is an Android trojan that exploits vulnerabilities in Android 4.3 and earlier by weaponizing a Chinese commercial rooting tool called Root Assistant. The malicious operation spreads through repackaged legitimate applications distributed globally, affecting users primarily in the United States, Malaysia, Thailand, Lebanon and Taiwan. After installation, Rootnik gains root access using stolen exploits, installs four persistent APK files to the system partition, and performs aggressive app promotion campaigns. The trojan silently installs and uninstalls applications, downloads and executes code remotely, and harvests sensitive data including WiFi passwords, location information, device identifiers, and MAC addresses. The malware maintains command and control infrastructure through multiple domains and generates revenue through aggressive advertising that interrupts user activity regardless of the current application.

    Pulse ID: 6a123f4adef80b0c4d8ccd35
    Pulse Link: otx.alienvault.com/pulse/6a123
    Pulse Author: AlienVault
    Created: 2026-05-23 23:59:06

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #APK #Android #Chinese #CyberSecurity #InfoSec #Mac #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #Thailand #Trojan #UnitedStates #Word #bot #AlienVault

  13. Apparently, lots of people use the names of their favourite football players and clubs as passwords. Which ones are most popular -- among people whose passwords have been breached -- is quite interesting! :-D

    gadget.co.za/messitopsronaldo7

    #passwords #sport

  14. My KeePass and Syncthing setup

    How I sync passwords across my laptop, desktop, and phone using KeePassXC and Syncthing, plus a couple bash scripts I wrote to handle masked emails (like 1Password's feature) and merge sync conflicts.

    michaelharley.net/posts/2026/0

    #MichaelHarleyNet #BlogPost #KeePass #Syncthing #Passwords #IndieWeb #SelfHosting

  15. My KeePass and Syncthing setup

    How I sync passwords across my laptop, desktop, and phone using KeePassXC and Syncthing, plus a couple bash scripts I wrote to handle masked emails (like 1Password's feature) and merge sync conflicts.

    michaelharley.net/posts/2026/0

    #MichaelHarleyNet #BlogPost #KeePass #Syncthing #Passwords #IndieWeb #SelfHosting

  16. My KeePass and Syncthing setup

    How I sync passwords across my laptop, desktop, and phone using KeePassXC and Syncthing, plus a couple bash scripts I wrote to handle masked emails (like 1Password's feature) and merge sync conflicts.

    michaelharley.net/posts/2026/0

    #MichaelHarleyNet #BlogPost #KeePass #Syncthing #Passwords #IndieWeb #SelfHosting

  17. My KeePass and Syncthing setup

    How I sync passwords across my laptop, desktop, and phone using KeePassXC and Syncthing, plus a couple bash scripts I wrote to handle masked emails (like 1Password's feature) and merge sync conflicts.

    michaelharley.net/posts/2026/0

    #MichaelHarleyNet #BlogPost #KeePass #Syncthing #Passwords #IndieWeb #SelfHosting

  18. My KeePass and Syncthing setup

    How I sync passwords across my laptop, desktop, and phone using KeePassXC and Syncthing, plus a couple bash scripts I wrote to handle masked emails (like 1Password's feature) and merge sync conflicts.

    michaelharley.net/posts/2026/0

    #MichaelHarleyNet #BlogPost #KeePass #Syncthing #Passwords #IndieWeb #SelfHosting

  19. CISA exposed plaintext passwords, cloud keys, and access tokens in a public GitHub repository tied to a government contractor account. 🔓
    A researcher confirmed some credentials were valid, raising concerns over federal cloud security and contractor oversight at the US cyber agency. ☁️

    🔗 techcrunch.com/2026/05/19/us-c

    #TechNews #CISA #Cybersecurity #GitHub #CloudSecurity #Passwords #Infosec #Privacy #Security #DataBreach #OpenSource #GovTech #Cloud #USA #US #Tech #Government #Federal

  20. CISA exposed plaintext passwords, cloud keys, and access tokens in a public GitHub repository tied to a government contractor account. 🔓
    A researcher confirmed some credentials were valid, raising concerns over federal cloud security and contractor oversight at the US cyber agency. ☁️

    🔗 techcrunch.com/2026/05/19/us-c

    #TechNews #CISA #Cybersecurity #GitHub #CloudSecurity #Passwords #Infosec #Privacy #Security #DataBreach #OpenSource #GovTech #Cloud #USA #US #Tech #Government #Federal

  21. CISA exposed plaintext passwords, cloud keys, and access tokens in a public GitHub repository tied to a government contractor account. 🔓
    A researcher confirmed some credentials were valid, raising concerns over federal cloud security and contractor oversight at the US cyber agency. ☁️

    🔗 techcrunch.com/2026/05/19/us-c

    #TechNews #CISA #Cybersecurity #GitHub #CloudSecurity #Passwords #Infosec #Privacy #Security #DataBreach #OpenSource #GovTech #Cloud #USA #US #Tech #Government #Federal

  22. CISA exposed plaintext passwords, cloud keys, and access tokens in a public GitHub repository tied to a government contractor account. 🔓
    A researcher confirmed some credentials were valid, raising concerns over federal cloud security and contractor oversight at the US cyber agency. ☁️

    🔗 techcrunch.com/2026/05/19/us-c

    #TechNews #CISA #Cybersecurity #GitHub #CloudSecurity #Passwords #Infosec #Privacy #Security #DataBreach #OpenSource #GovTech #Cloud #USA #US #Tech #Government #Federal

  23. CISA exposed plaintext passwords, cloud keys, and access tokens in a public GitHub repository tied to a government contractor account. 🔓
    A researcher confirmed some credentials were valid, raising concerns over federal cloud security and contractor oversight at the US cyber agency. ☁️

    🔗 techcrunch.com/2026/05/19/us-c

    #TechNews #CISA #Cybersecurity #GitHub #CloudSecurity #Passwords #Infosec #Privacy #Security #DataBreach #OpenSource #GovTech #Cloud #USA #US #Tech #Government #Federal

  24. Security (b)log: Giving up secrets
    Some people are still unaware of basic security hygiene.

    #passwords #phishing

    News from big bad world: more passwords leaked | digital autonomy isn't that hard | quantum computer on its way | more

    securityblogpatrick-english.bl

  25. Password “security” rules from hell.

    Also note how they messed up the HTML entity encoding in the error message: & < >

    #security #passwords

  26. Varför gör företag så här, 2026? 🤔

    Lagrar de lösenord i klartext? Det spelar ju absolut ingen som helst roll om användaren trycker in 64, 256, 512 eller 1024 tecken som lösenord vad gäller leverantörens plattform.

    #wtf #cybersec #itsec #infosec #fortnox #passwords #cybersecurity #ffs

  27. Varför gör företag så här, 2026? 🤔

    Lagrar de lösenord i klartext? Det spelar ju absolut ingen som helst roll om användaren trycker in 64, 256, 512 eller 1024 tecken som lösenord vad gäller leverantörens plattform.

    #wtf #cybersec #itsec #infosec #fortnox #passwords #cybersecurity #ffs

  28. Varför gör företag så här, 2026? 🤔

    Lagrar de lösenord i klartext? Det spelar ju absolut ingen som helst roll om användaren trycker in 64, 256, 512 eller 1024 tecken som lösenord vad gäller leverantörens plattform.

    #wtf #cybersec #itsec #infosec #fortnox #passwords #cybersecurity #ffs

  29. Varför gör företag så här, 2026? 🤔

    Lagrar de lösenord i klartext? Det spelar ju absolut ingen som helst roll om användaren trycker in 64, 256, 512 eller 1024 tecken som lösenord vad gäller leverantörens plattform.

    #wtf #cybersec #itsec #infosec #fortnox #passwords #cybersecurity #ffs

  30. Varför gör företag så här, 2026? 🤔

    Lagrar de lösenord i klartext? Det spelar ju absolut ingen som helst roll om användaren trycker in 64, 256, 512 eller 1024 tecken som lösenord vad gäller leverantörens plattform.

    #wtf #cybersec #itsec #infosec #fortnox #passwords #cybersecurity #ffs

  31. #CISA #Admin Leaked #AWS #GovCloud #Keys on #Github

    source: krebsonsecurity.com/2026/05/ci…

    A review of the GitHub #account and its exposed #passwords show the “Private CISA” #repository was maintained by an employee of Nightwing, a #government #contractor based in Dulles, Va. Nightwing declined to comment, directing inquiries to CISA.

    #leak #security #cloud #key #password #fail #cybersecurity #internet #online #fail #news #usa #infrastructure

  32. #CISA #Admin Leaked #AWS #GovCloud #Keys on #Github

    source: krebsonsecurity.com/2026/05/ci…

    A review of the GitHub #account and its exposed #passwords show the “Private CISA” #repository was maintained by an employee of Nightwing, a #government #contractor based in Dulles, Va. Nightwing declined to comment, directing inquiries to CISA.

    #leak #security #cloud #key #password #fail #cybersecurity #internet #online #fail #news #usa #infrastructure

  33. #CISA #Admin Leaked #AWS #GovCloud #Keys on #Github

    source: krebsonsecurity.com/2026/05/ci…

    A review of the GitHub #account and its exposed #passwords show the “Private CISA” #repository was maintained by an employee of Nightwing, a #government #contractor based in Dulles, Va. Nightwing declined to comment, directing inquiries to CISA.

    #leak #security #cloud #key #password #fail #cybersecurity #internet #online #fail #news #usa #infrastructure

  34. ZDNet: Microsoft Edge just stopped storing your passwords in plaintext – but you’ll need the latest update. “In a recent post by Microsoft Edge Security Team Lead Gareth Evans, the company announced that it will no longer store your plaintext passwords in Edge in memory. The change comes in response to a recent finding that questioned the safety and security of your stored passwords.”

    https://rbfirehose.com/2026/05/19/zdnet-microsoft-edge-just-stopped-storing-your-passwords-in-plaintext-but-youll-need-the-latest-update/
  35. The Register: Dude… where’s my password? Claude reunites forgetful stoner with $400k Bitcoin stash. “Eleven years ago, a stoner bought some Bitcoin, lit up, and entered a password that he soon forgot. Now, after searching for more than a decade, Claude AI has helped him figure out the credentials he needed to gain access to a crypto wallet containing currency that is now worth a whopping […]

    https://rbfirehose.com/2026/05/19/the-register-dude-wheres-my-password-claude-reunites-forgetful-stoner-with-400k-bitcoin-stash/
  36. Soooo Password Manager tool Bitwarden is enshitifying this week; with potential flow on implications for Vaultwarden (dont stress today, but be ready to stress later).

    blog.ppb1701.com/the-quiet-ren

    Makes for an awkard moment for us at the Digital Justice Society.

    We've recently downgraded our rating of Proton Pass, as month on month we we were finding they had become increasingly spammy in their sign up flows.

    Now our "Best" options for free non-big-tech Password Managers.. are both Enshitifying.

    Bitwarden, ProtonPass; the principal would like to see both of you after class today.

    #BitWarden #ProtonPass #1Password #PasswordManager #DigitalSecurity #Passwords #PasswordSecurity #DigitalJustice