Researchers from ETH Zurich have uncovered serious security vulnerabilities in three popular cloud-based password managers (Bitwarden, LastPass, and Dashlane), affecting around 60 million users. They demonstrated multiple attacks (12 on Bitwarden, 7 on LastPass, and 6 on Dashlane) that allow a malicious server to view and alter stored passwords despite claims of "zero-knowledge encryption." The study highlights how features added for usability increase complexity and attack surface, while reliance on outdated cryptographic methods undermines true protection against compromised servers. Providers were notified and given 90 days to address the issues, with experts urging clearer communication about actual security guarantees and adoption of modern cryptography.