Threat Labs Netskope

Summary Netskope Threat Labs is tracking several phishing campaigns that weaponize fake meeting invites for various video conference applications, including Zoom, Microsoft Teams, and Google Meet. The attackers trick corporate users to execute the payload by claiming a mandatory software update is required to join the video call, redirecting victims to typo-squatted domains, such as

Summary Starting on February 2 at around 16:00 UTC, Netskope Threat Labs was alerted to a spike of users across 48 different organizations clicking on tech support scam links hosted in Azure Blob Storage. All of the victims were located in the U.S. and distributed across multiple industries, including healthcare, manufacturing, and technology.  Every visit

Update 2026-01-30 (18:00Z): Following its second rename this week, ClawdBot is now known as OpenClaw. We have updated the paths in this guide to match the latest changes. Background OpenClaw, previously known as MoltBot and ClawdBot, is an open-source, self-hosted personal AI agent that is run locally. It is advertised as a digital assistant that

Shai-Hulud 2.0 is an aggressive, automated NPM supply chain attack. Get the full analysis on credential theft, GitHub backdoors, and IOCs.

Summary Large language models (LLMs) have rapidly transformed industries, becoming invaluable tools for automation, coding assistance, and research. However, their widespread adoption raises several critical cybersecurity questions. Is it feasible to create agentic malware composed solely of LLM prompts and minimal code, thereby eliminating the need to hardcode detectable instructions? How effective are LLMs at

Summary Gamers are a hot target for infostealers these days. This blog post is the second we have published this month about an infostealer targeting gamers, with the previous one describing a Python-based malware targeting Discord. This blog post focuses on RedTiger, a red-teaming tool from which we have seen multiple payloads circulating in the

Summary During threat hunting activities, Netskope discovered a new, multi-function Python RAT that leverages the Telegram Bot API as a command and control (C2) channel, allowing attackers to exfiltrate stolen data and remotely interact with victim machines. The malware attempts to add a layer of legitimacy by using the name “Nursultan Client” in its persistence

Summary In the first two parts (1, 2) of this series, we broke down how the Model Context Protocol (MCP) works and explored attacks like tool poisoning and cross-server tool shadowing. In this post, we turn to two of the most subtle and dangerous risks facing MCP-enabled environments: Both techniques demonstrate a hard truth: LLMs

Summary In Part 1 of this blog series, we explored the architecture, capabilities, and risks of the Model Context Protocol (MCP). In this post, we will focus on two attack vectors in the MCP ecosystem: prompt injection via tool definitions and cross-server tool shadowing. Both exploit how LLMs trust and internalize tool metadata and responses,

Summary The Domain Name System (DNS) is a critical component of internet infrastructure, responsible for translating human-readable domain names into IP addresses. However, the ubiquitous nature and often-overlooked security aspects of DNS make it a prime target for malicious actors.  This blog post investigates the tools used for data exfiltration over DNS, the techniques involved,