#passwords — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #passwords, aggregated by home.social.
-
Lifehacker: The LastPass Data Breach Settlement Could Net You a Big Payout. “If you were a LastPass user affected by major security breaches in 2022, you might be eligible for a cash payout—possibly a really big one. The company is paying out benefits to those affected by breaches that compromised user vaults, and some people could be getting five-figure payments..”
https://rbfirehose.com/2026/05/28/lifehacker-the-lastpass-data-breach-settlement-could-net-you-a-big-payout/ -
Credential Stealer EKZ Delivered via FortiClient EMS Exploitation
Attackers exploited CVE-2026-35616 in FortiClient EMS. Threat actors changes EMS settings and pushed a malicious VPN script to endpoints. The script downloaded EKZ Infostealer, disguised as a Fortinet patch. The malware steals browser passwords, cookies, and autofill data.
Pulse ID: 6a1879e13827c581e8b73eb4
Pulse Link: https://otx.alienvault.com/pulse/6a1879e13827c581e8b73eb4
Pulse Author: cryptocti
Created: 2026-05-28 17:22:41Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #Cookies #CyberSecurity #Endpoint #InfoSec #InfoStealer #Malware #OTX #OpenThreatExchange #Password #Passwords #VPN #Word #bot #cryptocti
-
Credential Stealer EKZ Delivered via FortiClient EMS Exploitation
Attackers exploited CVE-2026-35616 in FortiClient EMS. Threat actors changes EMS settings and pushed a malicious VPN script to endpoints. The script downloaded EKZ Infostealer, disguised as a Fortinet patch. The malware steals browser passwords, cookies, and autofill data.
Pulse ID: 6a1879e15c8f2d2d2cf72b60
Pulse Link: https://otx.alienvault.com/pulse/6a1879e15c8f2d2d2cf72b60
Pulse Author: cryptocti
Created: 2026-05-28 17:22:41Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #Cookies #CyberSecurity #Endpoint #InfoSec #InfoStealer #Malware #OTX #OpenThreatExchange #Password #Passwords #VPN #Word #bot #cryptocti
-
Credential Stealer EKZ Delivered via FortiClient EMS Exploitation
Attackers exploited CVE-2026-35616 in FortiClient EMS. Threat actors changes EMS settings and pushed a malicious VPN script to endpoints. The script downloaded EKZ Infostealer, disguised as a Fortinet patch. The malware steals browser passwords, cookies, and autofill data.
Pulse ID: 6a1879e2d85be08873d89445
Pulse Link: https://otx.alienvault.com/pulse/6a1879e2d85be08873d89445
Pulse Author: cryptocti
Created: 2026-05-28 17:22:42Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #Cookies #CyberSecurity #Endpoint #InfoSec #InfoStealer #Malware #OTX #OpenThreatExchange #Password #Passwords #VPN #Word #bot #cryptocti
-
Credential Stealer EKZ Delivered via FortiClient EMS Exploitation
Attackers exploited CVE-2026-35616 in FortiClient EMS. Threat actors changes EMS settings and pushed a malicious VPN script to endpoints. The script downloaded EKZ Infostealer, disguised as a Fortinet patch. The malware steals browser passwords, cookies, and autofill data.
Pulse ID: 6a187a5035303b62f8e49196
Pulse Link: https://otx.alienvault.com/pulse/6a187a5035303b62f8e49196
Pulse Author: cryptocti
Created: 2026-05-28 17:24:32Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #Cookies #CyberSecurity #Endpoint #InfoSec #InfoStealer #Malware #OTX #OpenThreatExchange #Password #Passwords #VPN #Word #bot #cryptocti
-
Credential Stealer EKZ Delivered via FortiClient EMS Exploitation
Attackers exploited CVE-2026-35616 in FortiClient EMS. Threat actors changes EMS settings and pushed a malicious VPN script to endpoints. The script downloaded EKZ Infostealer, disguised as a Fortinet patch. The malware steals browser passwords, cookies, and autofill data.
Pulse ID: 6a187acb35f351993fe5e76b
Pulse Link: https://otx.alienvault.com/pulse/6a187acb35f351993fe5e76b
Pulse Author: cryptocti
Created: 2026-05-28 17:26:35Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Browser #Cookies #CyberSecurity #Endpoint #InfoSec #InfoStealer #Malware #OTX #OpenThreatExchange #Password #Passwords #VPN #Word #bot #cryptocti
-
“The Worst Leak That I’ve Witnessed”: US Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub, by @gizmodo.com:
-
‘The Worst Leak I’ve Witnessed’: A CISA Contractor Left AWS GovCloud Credentials Sitting In A Public GitHub Repo
-
Synology is shuttering their C2 password manager. End of life is June 22, 2027, 6 years after its announcement.
-
#Business #Approaches
Self hosting passwords · “I haven’t used an online password manager in 5 years.“ https://ilo.im/16d6o1_____
#Online #Offline #PasswordManager #Passwords #Synchronization #KeePass #Vaultwarden #SelfHosting -
#Business #Approaches
Self hosting passwords · “I haven’t used an online password manager in 5 years.“ https://ilo.im/16d6o1_____
#Online #Offline #PasswordManager #Passwords #Synchronization #KeePass #Vaultwarden #SelfHosting -
#Business #Approaches
Self hosting passwords · “I haven’t used an online password manager in 5 years.“ https://ilo.im/16d6o1_____
#Online #Offline #PasswordManager #Passwords #Synchronization #KeePass #Vaultwarden #SelfHosting -
#Business #Approaches
Self hosting passwords · “I haven’t used an online password manager in 5 years.“ https://ilo.im/16d6o1_____
#Online #Offline #PasswordManager #Passwords #Synchronization #KeePass #Vaultwarden #SelfHosting -
Android Trojan Abuses Commercial Rooting Tool and Steals Private Information
Rootnik is an Android trojan that exploits vulnerabilities in Android 4.3 and earlier by weaponizing a Chinese commercial rooting tool called Root Assistant. The malicious operation spreads through repackaged legitimate applications distributed globally, affecting users primarily in the United States, Malaysia, Thailand, Lebanon and Taiwan. After installation, Rootnik gains root access using stolen exploits, installs four persistent APK files to the system partition, and performs aggressive app promotion campaigns. The trojan silently installs and uninstalls applications, downloads and executes code remotely, and harvests sensitive data including WiFi passwords, location information, device identifiers, and MAC addresses. The malware maintains command and control infrastructure through multiple domains and generates revenue through aggressive advertising that interrupts user activity regardless of the current application.
Pulse ID: 6a123f4adef80b0c4d8ccd35
Pulse Link: https://otx.alienvault.com/pulse/6a123f4adef80b0c4d8ccd35
Pulse Author: AlienVault
Created: 2026-05-23 23:59:06Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#APK #Android #Chinese #CyberSecurity #InfoSec #Mac #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #Thailand #Trojan #UnitedStates #Word #bot #AlienVault
-
Android Trojan Abuses Commercial Rooting Tool and Steals Private Information
Rootnik is an Android trojan that exploits vulnerabilities in Android 4.3 and earlier by weaponizing a Chinese commercial rooting tool called Root Assistant. The malicious operation spreads through repackaged legitimate applications distributed globally, affecting users primarily in the United States, Malaysia, Thailand, Lebanon and Taiwan. After installation, Rootnik gains root access using stolen exploits, installs four persistent APK files to the system partition, and performs aggressive app promotion campaigns. The trojan silently installs and uninstalls applications, downloads and executes code remotely, and harvests sensitive data including WiFi passwords, location information, device identifiers, and MAC addresses. The malware maintains command and control infrastructure through multiple domains and generates revenue through aggressive advertising that interrupts user activity regardless of the current application.
Pulse ID: 6a123f4adef80b0c4d8ccd35
Pulse Link: https://otx.alienvault.com/pulse/6a123f4adef80b0c4d8ccd35
Pulse Author: AlienVault
Created: 2026-05-23 23:59:06Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#APK #Android #Chinese #CyberSecurity #InfoSec #Mac #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #Thailand #Trojan #UnitedStates #Word #bot #AlienVault
-
Android Trojan Abuses Commercial Rooting Tool and Steals Private Information
Rootnik is an Android trojan that exploits vulnerabilities in Android 4.3 and earlier by weaponizing a Chinese commercial rooting tool called Root Assistant. The malicious operation spreads through repackaged legitimate applications distributed globally, affecting users primarily in the United States, Malaysia, Thailand, Lebanon and Taiwan. After installation, Rootnik gains root access using stolen exploits, installs four persistent APK files to the system partition, and performs aggressive app promotion campaigns. The trojan silently installs and uninstalls applications, downloads and executes code remotely, and harvests sensitive data including WiFi passwords, location information, device identifiers, and MAC addresses. The malware maintains command and control infrastructure through multiple domains and generates revenue through aggressive advertising that interrupts user activity regardless of the current application.
Pulse ID: 6a123f4adef80b0c4d8ccd35
Pulse Link: https://otx.alienvault.com/pulse/6a123f4adef80b0c4d8ccd35
Pulse Author: AlienVault
Created: 2026-05-23 23:59:06Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#APK #Android #Chinese #CyberSecurity #InfoSec #Mac #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #Thailand #Trojan #UnitedStates #Word #bot #AlienVault
-
Android Trojan Abuses Commercial Rooting Tool and Steals Private Information
Rootnik is an Android trojan that exploits vulnerabilities in Android 4.3 and earlier by weaponizing a Chinese commercial rooting tool called Root Assistant. The malicious operation spreads through repackaged legitimate applications distributed globally, affecting users primarily in the United States, Malaysia, Thailand, Lebanon and Taiwan. After installation, Rootnik gains root access using stolen exploits, installs four persistent APK files to the system partition, and performs aggressive app promotion campaigns. The trojan silently installs and uninstalls applications, downloads and executes code remotely, and harvests sensitive data including WiFi passwords, location information, device identifiers, and MAC addresses. The malware maintains command and control infrastructure through multiple domains and generates revenue through aggressive advertising that interrupts user activity regardless of the current application.
Pulse ID: 6a123f4adef80b0c4d8ccd35
Pulse Link: https://otx.alienvault.com/pulse/6a123f4adef80b0c4d8ccd35
Pulse Author: AlienVault
Created: 2026-05-23 23:59:06Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#APK #Android #Chinese #CyberSecurity #InfoSec #Mac #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #Thailand #Trojan #UnitedStates #Word #bot #AlienVault
-
Android Trojan Abuses Commercial Rooting Tool and Steals Private Information
Rootnik is an Android trojan that exploits vulnerabilities in Android 4.3 and earlier by weaponizing a Chinese commercial rooting tool called Root Assistant. The malicious operation spreads through repackaged legitimate applications distributed globally, affecting users primarily in the United States, Malaysia, Thailand, Lebanon and Taiwan. After installation, Rootnik gains root access using stolen exploits, installs four persistent APK files to the system partition, and performs aggressive app promotion campaigns. The trojan silently installs and uninstalls applications, downloads and executes code remotely, and harvests sensitive data including WiFi passwords, location information, device identifiers, and MAC addresses. The malware maintains command and control infrastructure through multiple domains and generates revenue through aggressive advertising that interrupts user activity regardless of the current application.
Pulse ID: 6a123f4adef80b0c4d8ccd35
Pulse Link: https://otx.alienvault.com/pulse/6a123f4adef80b0c4d8ccd35
Pulse Author: AlienVault
Created: 2026-05-23 23:59:06Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#APK #Android #Chinese #CyberSecurity #InfoSec #Mac #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #Thailand #Trojan #UnitedStates #Word #bot #AlienVault
-
Apparently, lots of people use the names of their favourite football players and clubs as passwords. Which ones are most popular -- among people whose passwords have been breached -- is quite interesting! :-D
https://gadget.co.za/messitopsronaldo74m/?utm_source=MastodonAfrica
-
Your Saved Passwords Are Not Safe Until You Do This 🗝🔒 https://www.youtube.com/watch?v=x-U-1P4o3-I 💡🎬 #Saved #Passwords #Security #Guide #Chrome
-
My KeePass and Syncthing setup
How I sync passwords across my laptop, desktop, and phone using KeePassXC and Syncthing, plus a couple bash scripts I wrote to handle masked emails (like 1Password's feature) and merge sync conflicts.
https://michaelharley.net/posts/2026/05/23/my-keepass-and-syncthing-setup/
#MichaelHarleyNet #BlogPost #KeePass #Syncthing #Passwords #IndieWeb #SelfHosting
-
My KeePass and Syncthing setup
How I sync passwords across my laptop, desktop, and phone using KeePassXC and Syncthing, plus a couple bash scripts I wrote to handle masked emails (like 1Password's feature) and merge sync conflicts.
https://michaelharley.net/posts/2026/05/23/my-keepass-and-syncthing-setup/
#MichaelHarleyNet #BlogPost #KeePass #Syncthing #Passwords #IndieWeb #SelfHosting
-
My KeePass and Syncthing setup
How I sync passwords across my laptop, desktop, and phone using KeePassXC and Syncthing, plus a couple bash scripts I wrote to handle masked emails (like 1Password's feature) and merge sync conflicts.
https://michaelharley.net/posts/2026/05/23/my-keepass-and-syncthing-setup/
#MichaelHarleyNet #BlogPost #KeePass #Syncthing #Passwords #IndieWeb #SelfHosting
-
My KeePass and Syncthing setup
How I sync passwords across my laptop, desktop, and phone using KeePassXC and Syncthing, plus a couple bash scripts I wrote to handle masked emails (like 1Password's feature) and merge sync conflicts.
https://michaelharley.net/posts/2026/05/23/my-keepass-and-syncthing-setup/
#MichaelHarleyNet #BlogPost #KeePass #Syncthing #Passwords #IndieWeb #SelfHosting
-
My KeePass and Syncthing setup
How I sync passwords across my laptop, desktop, and phone using KeePassXC and Syncthing, plus a couple bash scripts I wrote to handle masked emails (like 1Password's feature) and merge sync conflicts.
https://michaelharley.net/posts/2026/05/23/my-keepass-and-syncthing-setup/
#MichaelHarleyNet #BlogPost #KeePass #Syncthing #Passwords #IndieWeb #SelfHosting
-
CISA exposed plaintext passwords, cloud keys, and access tokens in a public GitHub repository tied to a government contractor account. 🔓
A researcher confirmed some credentials were valid, raising concerns over federal cloud security and contractor oversight at the US cyber agency. ☁️#TechNews #CISA #Cybersecurity #GitHub #CloudSecurity #Passwords #Infosec #Privacy #Security #DataBreach #OpenSource #GovTech #Cloud #USA #US #Tech #Government #Federal
-
CISA exposed plaintext passwords, cloud keys, and access tokens in a public GitHub repository tied to a government contractor account. 🔓
A researcher confirmed some credentials were valid, raising concerns over federal cloud security and contractor oversight at the US cyber agency. ☁️#TechNews #CISA #Cybersecurity #GitHub #CloudSecurity #Passwords #Infosec #Privacy #Security #DataBreach #OpenSource #GovTech #Cloud #USA #US #Tech #Government #Federal
-
CISA exposed plaintext passwords, cloud keys, and access tokens in a public GitHub repository tied to a government contractor account. 🔓
A researcher confirmed some credentials were valid, raising concerns over federal cloud security and contractor oversight at the US cyber agency. ☁️#TechNews #CISA #Cybersecurity #GitHub #CloudSecurity #Passwords #Infosec #Privacy #Security #DataBreach #OpenSource #GovTech #Cloud #USA #US #Tech #Government #Federal
-
CISA exposed plaintext passwords, cloud keys, and access tokens in a public GitHub repository tied to a government contractor account. 🔓
A researcher confirmed some credentials were valid, raising concerns over federal cloud security and contractor oversight at the US cyber agency. ☁️#TechNews #CISA #Cybersecurity #GitHub #CloudSecurity #Passwords #Infosec #Privacy #Security #DataBreach #OpenSource #GovTech #Cloud #USA #US #Tech #Government #Federal
-
CISA exposed plaintext passwords, cloud keys, and access tokens in a public GitHub repository tied to a government contractor account. 🔓
A researcher confirmed some credentials were valid, raising concerns over federal cloud security and contractor oversight at the US cyber agency. ☁️#TechNews #CISA #Cybersecurity #GitHub #CloudSecurity #Passwords #Infosec #Privacy #Security #DataBreach #OpenSource #GovTech #Cloud #USA #US #Tech #Government #Federal
-
Security (b)log: Giving up secrets
Some people are still unaware of basic security hygiene.News from big bad world: more passwords leaked | digital autonomy isn't that hard | quantum computer on its way | more
-
Password “security” rules from hell.
Also note how they messed up the HTML entity encoding in the error message: & < >
-
Get your passwords out of Bitwarden while you still can
https://www.osnews.com/story/145029/get-your-passwords-out-of-bitwarden-while-you-still-can/
#HackerNews #Bitwarden #Passwords #DataSecurity #OnlineSafety #Cybersecurity #PasswordManagement
-
Get your #passwords out of #BitWarden while you still can
https://www.osnews.com/story/145029/get-your-passwords-out-of-bitwarden-while-you-still-can/Putting your passwords in any (non-self hosted) #cloud was a bad idea in the first place: https://karl-voit.at/cloud/
#enshittification #passwordmanager #publicvoit #20161112_Cloud
-
Varför gör företag så här, 2026? 🤔
Lagrar de lösenord i klartext? Det spelar ju absolut ingen som helst roll om användaren trycker in 64, 256, 512 eller 1024 tecken som lösenord vad gäller leverantörens plattform.
#wtf #cybersec #itsec #infosec #fortnox #passwords #cybersecurity #ffs
-
Varför gör företag så här, 2026? 🤔
Lagrar de lösenord i klartext? Det spelar ju absolut ingen som helst roll om användaren trycker in 64, 256, 512 eller 1024 tecken som lösenord vad gäller leverantörens plattform.
#wtf #cybersec #itsec #infosec #fortnox #passwords #cybersecurity #ffs
-
Varför gör företag så här, 2026? 🤔
Lagrar de lösenord i klartext? Det spelar ju absolut ingen som helst roll om användaren trycker in 64, 256, 512 eller 1024 tecken som lösenord vad gäller leverantörens plattform.
#wtf #cybersec #itsec #infosec #fortnox #passwords #cybersecurity #ffs
-
Varför gör företag så här, 2026? 🤔
Lagrar de lösenord i klartext? Det spelar ju absolut ingen som helst roll om användaren trycker in 64, 256, 512 eller 1024 tecken som lösenord vad gäller leverantörens plattform.
#wtf #cybersec #itsec #infosec #fortnox #passwords #cybersecurity #ffs
-
Varför gör företag så här, 2026? 🤔
Lagrar de lösenord i klartext? Det spelar ju absolut ingen som helst roll om användaren trycker in 64, 256, 512 eller 1024 tecken som lösenord vad gäller leverantörens plattform.
#wtf #cybersec #itsec #infosec #fortnox #passwords #cybersecurity #ffs
-
#CISA #Admin Leaked #AWS #GovCloud #Keys on #Github
source: krebsonsecurity.com/2026/05/ci…
A review of the GitHub #account and its exposed #passwords show the “Private CISA” #repository was maintained by an employee of Nightwing, a #government #contractor based in Dulles, Va. Nightwing declined to comment, directing inquiries to CISA.
#leak #security #cloud #key #password #fail #cybersecurity #internet #online #fail #news #usa #infrastructure
-
#CISA #Admin Leaked #AWS #GovCloud #Keys on #Github
source: krebsonsecurity.com/2026/05/ci…
A review of the GitHub #account and its exposed #passwords show the “Private CISA” #repository was maintained by an employee of Nightwing, a #government #contractor based in Dulles, Va. Nightwing declined to comment, directing inquiries to CISA.
#leak #security #cloud #key #password #fail #cybersecurity #internet #online #fail #news #usa #infrastructure
-
#CISA #Admin Leaked #AWS #GovCloud #Keys on #Github
source: krebsonsecurity.com/2026/05/ci…
A review of the GitHub #account and its exposed #passwords show the “Private CISA” #repository was maintained by an employee of Nightwing, a #government #contractor based in Dulles, Va. Nightwing declined to comment, directing inquiries to CISA.
#leak #security #cloud #key #password #fail #cybersecurity #internet #online #fail #news #usa #infrastructure
-
ZDNet: Microsoft Edge just stopped storing your passwords in plaintext – but you’ll need the latest update. “In a recent post by Microsoft Edge Security Team Lead Gareth Evans, the company announced that it will no longer store your plaintext passwords in Edge in memory. The change comes in response to a recent finding that questioned the safety and security of your stored passwords.”
https://rbfirehose.com/2026/05/19/zdnet-microsoft-edge-just-stopped-storing-your-passwords-in-plaintext-but-youll-need-the-latest-update/ -
The Register: Dude… where’s my password? Claude reunites forgetful stoner with $400k Bitcoin stash. “Eleven years ago, a stoner bought some Bitcoin, lit up, and entered a password that he soon forgot. Now, after searching for more than a decade, Claude AI has helped him figure out the credentials he needed to gain access to a crypto wallet containing currency that is now worth a whopping […]
https://rbfirehose.com/2026/05/19/the-register-dude-wheres-my-password-claude-reunites-forgetful-stoner-with-400k-bitcoin-stash/ -
Soooo Password Manager tool Bitwarden is enshitifying this week; with potential flow on implications for Vaultwarden (dont stress today, but be ready to stress later).
https://blog.ppb1701.com/the-quiet-renovation-at-bitwarden
Makes for an awkard moment for us at the Digital Justice Society.
We've recently downgraded our rating of Proton Pass, as month on month we we were finding they had become increasingly spammy in their sign up flows.
Now our "Best" options for free non-big-tech Password Managers.. are both Enshitifying.
Bitwarden, ProtonPass; the principal would like to see both of you after class today.
#BitWarden #ProtonPass #1Password #PasswordManager #DigitalSecurity #Passwords #PasswordSecurity #DigitalJustice