Mozilla has warned add-on developers about an active phishing campaign where attackers impersonate Mozilla and falsely claim that “Your Mozilla Add-ons account requires an update to continue accessing developer features.” The company emphasizes it has not sent any such emails and warns that phishing messages may evolve to circumvent detection. Mozilla recommends developers avoid clicking email links, verify emails come from official Mozilla domains (firefox.com, mozilla.org, mozilla.com and subdomains), ensure emails pass SPF/DKIM/DMARC authentication checks, manually navigate to Mozilla URLs instead of following links, and only enter credentials on official mozilla.org or firefox.com sites. The warning highlights the ongoing threat of credential theft targeting software developers and the importance of verifying sender authenticity before taking any action.​​​​​​​​​​​​​​​​