- Securing LLM Superpowers: Navigating the Wild West of MCP, by Gianpietro Cutolo on August 13, 2025 at 2:00 pm
The post Securing LLM Superpowers: Navigating the Wild West of MCP appeared first on Netskope. Summary: The Model Context Protocol (MCP) is a standardized framework that enables large language models (LLMs) to interact with external tools, APIs, and data sources. While MCP offers powerful integration capabilities across software development, data analysis, automation, and security operations, it also introduces serious security risks. This post provides a technical overview of how MCP
- Netskope BEAM: Open Source Detector for Supply Chain Compromise, by Colin Estep on August 7, 2025 at 6:30 pm
The post Netskope BEAM: Open Source Detector for Supply Chain Compromise appeared first on Netskope. Netskope Threat Labs is pleased to announce the release of a new open-source tool that detects supply chain attacks. Our new tool, Behavioral Evaluation of Application Metrics (BEAM), requires no endpoint agent deployment and will analyze the network traffic you are already capturing in your organization to determine if your applications are communicating with unusual
- XWorm V6: Advanced Evasion and AMSI Bypass Capabilities Revealed, by Jan Michael Alcantara on July 28, 2025 at 4:00 pm
The post XWorm V6: Advanced Evasion and AMSI Bypass Capabilities Revealed appeared first on Netskope. Summary: In September 2024, Netskope Threat Labs reported on the XWorm malware and its infection chain. We revealed new XWorm command and control (C2) commands and dissected its notable features. After nearly a year of tracking this malware, we discovered a new version (version 6.0) in the wild, which introduced new features such as process
- DeepSeek Deception: Sainbox RAT & Hidden Rootkit Delivery, by Leandro Fróes on June 26, 2025 at 4:00 pm
The post DeepSeek Deception: Sainbox RAT & Hidden Rootkit Delivery appeared first on Netskope. Summary: Netskope Threat Labs has discovered a campaign using fake installers to deliver the Sainbox RAT and Hidden rootkit. During our threat hunting activities, we encountered multiple installers disguised as legitimate software, including WPS Office, Sogou, and DeepSeek. These installers were mainly MSI files that were delivered via phishing websites. Both the phishing pages and
- To Grok or Not To Grok: For 29% of Enterprises…There Is No Question, by Ray Canzanese on June 10, 2025 at 12:00 pm
The post To Grok or Not To Grok: For 29% of Enterprises…There Is No Question appeared first on Netskope. Grok is a chatbot developed by Elon Musk’s xAI. It was initially released to select individuals in November 2023 and became generally available to all X (formerly Twitter) users in December 2024. With the release of Grok-3 in February, Grok’s popularity rose rapidly. However, that rise was short-lived, and its user base in the enterprise
- Glitch-hosted Phishing Uses Telegram & Fake CAPTCHAs to Target Navy Federal Credit Union Customers, by Jan Michael Alcantara on June 2, 2025 at 10:00 am
The post Glitch-hosted Phishing Uses Telegram & Fake CAPTCHAs to Target Navy Federal Credit Union Customers appeared first on Netskope. Summary: From January to April 2025, Netskope Threat Labs tracked a three-fold increase in traffic to phishing pages created on the Glitch platform. These phishing campaigns have affected more than 830 organizations and over 3,000 users since January 2025, primarily targeting Navy Federal Credit Union members and seeking sensitive information. Still, they also go after
- Netskope Threat Coverage: Scattered Spider, by Ray Canzanese on May 29, 2025 at 8:54 pm
The post Netskope Threat Coverage: Scattered Spider appeared first on Netskope. The adversary group commonly referred to as Scattered Spider is also tracked as UNC3944, Muddled Libra, Octo Tempest, Starfraud, Scatter Swine, 0ktapus, Roasted 0ktapus, and Storm-0875. Active since at least 2022, this financially motivated group has rapidly gained notoriety for its social engineering campaigns and ransomware attacks, which span multiple sectors. Initially focused on telecom
- PureHVNC RAT Using Fake High-level Job Offers from Fashion and Beauty Brands, by Leandro Fróes on May 28, 2025 at 2:00 pm
The post PureHVNC RAT Using Fake High-level Job Offers from Fashion and Beauty Brands appeared first on Netskope. Summary: In recent months, the Netskope Threat Labs team has observed several different campaigns delivering the PureHVNC RAT and its plugins. In 2024, the same malware was observed being delivered via a Python chain, and a few days ago, it was also observed using genAI sites to lure victims. In this blog post, we’ll describe
- New DOGE Big Balls Ransomware Tools in the Wild, by Leandro Fróes on May 7, 2025 at 2:00 pm
The post New DOGE Big Balls Ransomware Tools in the Wild appeared first on Netskope. Summary: During the Netskope Threat Labs hunting activities, we came across a payload that led us to a multi-stage chain involving several custom PowerShell scripts, open source tools (such as Mimikatz and Rubeus), vulnerable drivers being exploited, and red team framework payloads (such as Havoc). After further investigation, we discovered these files were part of
- New Evasive Campaign Delivers LegionLoader via Fake CAPTCHA & CloudFlare Turnstile, by Leandro Fróes on April 4, 2025 at 2:00 pm
The post New Evasive Campaign Delivers LegionLoader via Fake CAPTCHA & CloudFlare Turnstile appeared first on Netskope. Starting February 2025, Netskope Threat Labs has tracked and reported on multiple phishing and malware campaigns targeting victims searching for PDF documents on search engines. Once they open the PDFs, the attackers employ various techniques to direct these victims to malicious websites or trick them into downloading malware. While tracking these threats, we discovered a

Threat Labs Netskope