PSA: Hackers can steal your username and password for a website using an embedded iframe. It's a weakness for all password managers, and most have addressed the flaw in various ways, including issuing warnings when users are on a login page with an iframe or not trusting subdomains. Bitwarden is the sole exception, having determined in 2018 that the threat was not significant enough to address.
What just happened? There are plenty of illicit websites trading in stolen financial data, including one called BidenCash, which uses the president's name and his image. To celebrate its first birthday, the site has published a database filled with over 2 million credit and debit card details so anyone can look them up free of charge.