Firefox Gets Free VPN While Attackers Perfect Their Social Engineering Game

Page content

Firefox Gets Free VPN While Attackers Perfect Their Social Engineering Game

It’s been quite a week in security news, and I wanted to share some thoughts on the stories that caught my attention. We’re seeing interesting developments on both the defensive and offensive sides – from Mozilla stepping up privacy protection to attackers getting increasingly creative with their delivery methods.

Mozilla Makes VPN Protection Mainstream

The biggest news for everyday users has to be Firefox’s new built-in VPN feature in version 149. Fifty gigabytes of monthly VPN traffic at no cost is genuinely impressive, especially when you consider that many people have never used a VPN at all.

What I find most interesting about this move is the timing. Mozilla is essentially betting that privacy-conscious browsing will become a key differentiator as Chrome continues to dominate the market. For those of us in security, this could be a game-changer for user education – it’s much easier to explain VPN benefits when users can try one with zero friction.

The 50GB limit is reasonable for most casual users, though power users and remote workers will likely hit that ceiling pretty quickly. Still, it’s a smart way to introduce the concept without completely cannibalizing the paid VPN market.

Social Engineering Gets a Professional Makeover

Meanwhile, attackers are getting more sophisticated with their social engineering tactics. There’s an ongoing campaign targeting French-speaking organizations using fake resumes as the attack vector. What makes this particularly clever is how it exploits the hiring process – HR departments are naturally expecting to receive and open resume documents.

The technical execution is solid too. These aren’t your typical macro-laden Word documents. Instead, attackers are using heavily obfuscated VBScript files disguised as CVs, which speaks to a more sophisticated understanding of both social engineering and technical evasion techniques.

This campaign highlights why we need to rethink our approach to document security in HR workflows. Traditional email security might catch obvious malware, but when the social engineering is this well-crafted, we need additional layers of protection and user awareness training.

The GitHub Supply Chain Problem Keeps Growing

Speaking of sophisticated attacks, the discovery of the ‘OpenClaw Deployer’ trojan campaign on GitHub shows how attackers are scaling their operations. Over 300 poisoned packages targeting everything from developer tools to game cheats – that’s not a small-scale operation.

What’s particularly concerning is the mention of AI assistance in this campaign. We’re starting to see attackers use automation not just for the technical aspects of malware creation, but for the entire campaign lifecycle. This includes generating convincing package descriptions, documentation, and even fake user interactions to make repositories appear legitimate.

For development teams, this reinforces why dependency scanning and software composition analysis aren’t optional anymore. When attackers can generate hundreds of convincing fake packages, manual review simply doesn’t scale.

Critical Infrastructure Needs Immediate Attention

On the enterprise side, Citrix is urging immediate patching for critical NetScaler vulnerabilities that allow unauthenticated remote attackers to leak memory contents. NetScaler appliances are often sitting at the edge of corporate networks, making this the kind of vulnerability that keeps security teams up at night.

Memory disclosure vulnerabilities in network appliances are particularly dangerous because they can expose authentication tokens, session data, and other sensitive information that attackers can use to pivot deeper into networks. If you’re running NetScaler in your environment, this should be at the top of your patching queue.

Looking Forward

These stories paint an interesting picture of where we are in 2026. On one hand, we’re seeing major browser vendors make privacy tools more accessible to everyday users. On the other hand, attackers are becoming more professional and systematic in their approaches, using AI to scale operations and targeting the human elements of our security controls.

The common thread I see is the importance of defense in depth. Firefox’s VPN integration is great, but it’s just one layer. The sophisticated social engineering campaigns remind us that technical controls need to be paired with user education. And the supply chain attacks show why we need both automated scanning and human oversight in our development processes.

What’s your take on these developments? I’m particularly curious to hear how other teams are handling the GitHub package security challenge – it feels like we’re still figuring out the right balance between security and developer productivity.

Sources