{
  "type": "article",
  "title": "Security Weekly: LastPass Data Exposed Again and John Bolton Pleads Guilty",
  "summary": "This week's security digest covers the latest LastPass data breach, John Bolton's legal case involving classified documents, and international efforts to dismantle cybercrime infrastructure.",
  "content": "The password manager LastPass has had a string of significant data breaches over the years, and now there is one more to add to the list. This week, the company informed customers of a breach that included names, phone numbers, email addresses, physical addresses, support case data, and sales-related data. The attack was the result of a breach at the AI business intelligence firm Klue. Attackers compromised access tokens for Klue customers, including LastPass, and then used them to grab data from Salesforce and other integrated platforms. LastPass emphasized that the situation was not a breach of its own infrastructure and did not affect password vaults.\n\nWe recommend that customers remain vigilant of potential phishing attacks or social engineering attempts, which could leverage exposed contact details, LastPass wrote in its customer notification. Always exercise caution regarding unsolicited communications, including emails, phone calls, or requests for sensitive information.\n\nFormer Trump Adviser John Bolton Pleads Guilty in Case Over Retaining Classified Data\nJohn Bolton, a former national security adviser, pleaded guilty on Friday to a single count concerning mishandling and illegal retention of classified defense information. Bolton, 77, struck a plea deal that could allow him to avoid prison time, though the agreement recommends a prison sentence of no more than five years. US District Judge Theodore Chuang in Maryland will make the determination about sentencing at a hearing scheduled for October 28. Bolton served in the first Trump administration but subsequently became a prominent critic of President Donald Trump. As part of the deal, Bolton also agreed to pay a fine of $2.25 million, but he can withdraw his guilty plea if Chuang decides on a bigger fine or longer prison sentence than what the deal recommends.\n\nEuropol, Microsoft, and Others Disrupt Widely Used Infostealers Facilitating Cybercrime\nMicrosoft, Europol, and other partners announced on Wednesday that they disrupted infrastructure of the Amadey and StealC infostealers, malware that is central to the cybercriminal ecosystem. The work was part of Operation Endgame, which targets platforms and tools facilitating ransomware and other cybercrime. The action involved identifying, mapping, and then seizing and taking down malware infrastructure, including actions against 326 servers and 142 domains. The operation flagged about $47 million worth of stolen cryptocurrency and recovered up to 27 million stolen access credentials. Microsoft emphasized that the action was enabled by innovative techniques including AI-assisted analysis that showed Amadey and StealC were relying on the same backend infrastructure and could be targeted together.\n\nAustralia Found Nation-State Hackers Inside Critical Infrastructure, Ready to Sabotage\nAustralia’s Security and Intelligence Organisation (ASIO) said this week that it is establishing teams focused on countering nation-state cyberattacks on critical infrastructure after finding actors inside the country’s systems. We discovered nation-state hackers had compromised the network of an Australian critical infrastructure provider, ASIO’s director general, Mike Burgess, said in remarks on Wednesday. ASIO assessed the hackers were preparing for sabotage. They were mapping out the network and maintaining access so they could cripple it at a time of their choosing. Burgess spoke alongside the release of ASIO’s annual threat assessment. In this case, a state-sponsored group did not just achieve access to the Australian critical infrastructure provider, it successfully acquired credentials, login details and passwords, for active users of the networks, including the IT professionals guarding it, he added.\n\nWhat this means for you\nAcross India: Stay vigilant with your passwords and personal information when using digital services, and remain cautious of suspicious emails.\n\nFor Investors: Cybersecurity vulnerabilities in major tech companies can impact stock valuations and investor sentiment.\n\nQuestions & Answers\n\n1. What data of LastPass customers was exposed?\nThe breach exposed customer names, phone numbers, email addresses, physical addresses, support case data, and sales-related information.\n\n2. What was John Bolton charged with?\nJohn Bolton pleaded guilty to the mishandling and illegal retention of classified defense information.\n\n3. What was the goal of Operation Endgame?\nThe operation aimed to disrupt the infrastructure of malware used for cybercrime, specifically targeting the Amadey and StealC infostealers.\n\n4. Were hackers found inside Australian critical infrastructure?\nYes, ASIO confirmed that nation-state hackers compromised an Australian critical infrastructure provider and were preparing to sabotage the network.",
  "url": "https://trendkia.com/en/security/suraksha-para-isa-haphte-ki-bari-khabaren-lastpass-ka-deta-phira-lika-aura-john-bolton-ne-kabula-apana-gunaha-3355",
  "category": "Security",
  "publishedAt": "2026-06-27",
  "tags": [
    "Cybersecurity",
    "Data breach",
    "LastPass",
    "John Bolton",
    "Microsoft",
    "Australia"
  ],
  "language": "en",
  "site": "TrendKia"
}