Today’s cybersecurity news reflects a growing focus on managing AI-related risks alongside persistent threats from state-sponsored hackers and supply chain compromises. We see major software providers and security researchers responding with new controls and discoveries, while incidents such as credential harvesting and malware distribution continue to target enterprise users. This roundup highlights developments around AI feature management, sophisticated supply chain attacks, and the ongoing challenges faced by security teams in defending against advanced persistent threats.
New Controls for Managing AI Features in Browsers and Assistants
Mozilla Introduces One-Click AI Feature Disable in Firefox
Mozilla has announced a significant update to its Firefox desktop browser, providing users with a dedicated controls section to disable all generative AI features in one click. This change responds to user concerns about AI integrations and offers granular management options for those who want to retain some AI capabilities but block others. Ajit Varma, head of Firefox, emphasised that this control will cover current and future AI features, reflecting Mozilla’s proactive approach to user privacy and control in the evolving AI landscape.
This development is important for security teams and business leaders because it sets a precedent for transparent AI feature management in widely used software, addressing emerging privacy and security concerns tied to AI-driven tools.
Malicious Skills Target OpenClaw AI Assistant Users
Security researchers have uncovered over 340 malicious skills on ClawHub, a marketplace for OpenClaw (formerly MoltBot) AI assistant extensions. These malicious packages, discovered in recent audits, are designed to steal sensitive data, including passwords. This surge in malicious AI assistant extensions highlights a new supply chain risk vector as AI adoption grows.
For organisations deploying AI assistants, this underlines the need for strict vetting and monitoring of third-party AI tools, emphasising that AI supply chains are becoming attractive targets for attackers.
State-Sponsored Attacks and Supply Chain Compromises
Chinese Hackers Compromise Notepad++ Updates for Six Months
A China-linked hacking group, Lotus Blossom, has been identified as the actor behind a prolonged compromise of Notepad++’s hosting infrastructure. This breach allowed the group to deliver a previously unknown backdoor, Chrysalis, to users of the open-source code editor over a six-month period. The attack involved redirecting targeted users to malicious downloads, posing a serious risk to developers relying on this popular tool.
The incident underscores the dangers of software supply chain attacks, especially in open-source ecosystems, and serves as a warning for organisations to rigorously verify software update sources.
GlassWorm Malware Targets macOS via OpenVSX Extensions
A new malware campaign, dubbed GlassWorm, has been discovered targeting macOS users through compromised extensions in the OpenVSX marketplace. This malware aims to steal passwords, cryptocurrency wallet data, and developer credentials, making it particularly threatening to software developers and cryptocurrency users.
Security teams should prioritise monitoring extension marketplaces and educating users about the risks of installing unverified extensions, especially on macOS platforms.
Credential Theft and Exploited Vulnerabilities
Phishing Campaign Harvests Dropbox Credentials Through Fake PDFs
A malware-free phishing campaign is actively targeting corporate inboxes by sending fake “request orders” disguised as PDF attachments. The goal is to trick employees into entering their Dropbox credentials, enabling attackers to gain access to corporate cloud storage.
This attack highlights the ongoing threat of phishing, emphasising the importance of user training and email filtering controls to reduce risk.
Russian Hackers Exploit Patched Microsoft Office Vulnerability
Ukraine’s CERT has reported that Russian state-affiliated hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple Microsoft Office versions. Although a patch is available, attackers continue to target unpatched systems, highlighting the persistent risk posed by zero-day and recently disclosed vulnerabilities.
This serves as a reminder for organisations to accelerate patch management processes and ensure critical updates are deployed promptly.
Risks to Security Professionals and Ethical Concerns
County Pays $600K to Penetration Testers Wrongfully Arrested
In a notable legal and ethical incident, two penetration testers arrested in Iowa in 2019 while performing authorised red team activities have been compensated with $600,000. This case illustrates the risks security professionals face when their activities are misunderstood by law enforcement.
Organisations employing red teams should work closely with legal counsel and local authorities to avoid such incidents and protect ethical hackers.
Conclusion
Today’s cybersecurity news illustrates the complex landscape security teams navigate: balancing the benefits and risks of AI technologies, defending against sophisticated state-sponsored supply chain attacks, and maintaining vigilance against phishing and exploitation of known vulnerabilities. Meanwhile, the industry must also consider the legal and ethical frameworks protecting security professionals who help strengthen defences.
Key Takeaways
- Mozilla’s new one-click AI disable option in Firefox empowers users to control generative AI features amid growing privacy and security concerns.
- Supply chain attacks remain a critical threat, with Chinese hackers compromising Notepad++ updates for six months to deliver backdoors.
- AI assistant marketplaces are emerging as new vectors for malware distribution, requiring tighter controls and monitoring.
- Phishing campaigns and exploitation of patched vulnerabilities continue to threaten corporate credentials and data.
- Legal protections for penetration testers need reinforcement to avoid wrongful arrests and support ethical hacking initiatives.
Security teams and business leaders must stay informed and proactive to mitigate these evolving risks effectively.