Trusted Systems, Hidden Threats: The New Attack Surface

Ransomware moved into Microsoft Teams and nobody noticed

The DragonForce ransomware operators did not bother with sketchy servers this time. They built a backdoor called Backdoor.Turn and hid its entire command-and-control traffic inside Microsoft Teams relay infrastructure. Your firewall sees Teams traffic. Teams traffic is whitelisted. The malware just sits there passing instructions through a platform your entire company uses for standup meetings.

144 AI developer packages got poisoned

One compromised npm account called “ehindero” woke up this week and mass-published 144 malicious packages inside Mastra, a popular framework developers use to build AI applications. All 144 dropped in a single window. Four separate security research firms flagged it simultaneously.

If your team builds on Mastra, check your dependencies right now. Not later. Now.

A Chinese threat actor sat inside US research networks for an entire year

Undetected. Quiet. Watching. Collecting. Twelve full months before anyone noticed they were even there. That is not a gap in detection. That is a canyon.

Fake CAPTCHAs are delivering malware 

A campaign confirmed this morning is targeting Windows users through fake CAPTCHA pages. You see the familiar “prove you are human” prompt, you do what it says, and three techniques working together in the background slip malware past your defenses without triggering a single alarm.

They used the thing that exists to build trust. That is the whole point.

AI is generating so many fake bug reports that security maintainers had to shut down

The curl project, a foundational open-source tool sitting inside virtually every software stack you have ever touched, announced it is pausing all vulnerability submissions for July. The reason: AI-generated fake bug reports have become so overwhelming that the human maintainers cannot keep up anymore.

AI is now producing noise faster than humans can process it. The noise itself became the weapon.

Why we need to be so aware right now

Every single one of these hit this week. And every single one of them hid inside something trusted: Teams, a legitimate package registry, a research network that looked completely clean, a CAPTCHA, an open-source inbox.

The attack surface is not the dark corners anymore. It is the bright familiar ones. The tools we open every morning without a second thought.

We need to be paying attention like never before.