To contain this threat and protect your assets from further exposure, we have issued a mandatory firmware update. This update serves as a containment and neutralization protocol, which will re-establish a secure communication channel between your device and the Trezor network.
What's the game plan here? Are they really offering a compromised Trezor firmware that will somehow send coins to the wrong address? Or is it just a "normal" link for malware to install on your system?