LastPass vulnerable to LostPass Credential Stealing Attack
"A phishing attack against password vault LastPass can allow an attacker to steal a user's email, password, and even two-factor auth code, giving full access to all passwords and documents stored in LastPass.
According to research by Sean Cassidy, a software engineer whose day job is CTO at Praesidio, the ‘LostPass’ attack works because LastPass displays messages in the browser that attackers can fake."