Ars Technica

Password data for ~2.2 million users of currency and gaming sites dumped online

So... if you had the bcrypt hashes, knew what the salt value was, and had a collection of commonly used passwords, how difficult would it be to identify any user of ...
Infosecurity-magazine.com

Bouncy Castle Bug Puts Bcrypt Passwords at Risk

A high impact vulnerability has been discovered in a popular Java cryptography library which could allow attackers to more easily brute force Bcrypt hashed passwords. CVE-2020-28052 is an ...