Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In today’s security landscape, visibility and real-time insights into your organization’s data are critical for effective threat hunting and incident management. To meet these needs, Netskope has developed a native integration with Microsoft Sentinel using the Codeless Connector Platform—allowing organizations to easily stream all CASB alerts, DLP incidents, and threat logs into Microsoft’s cloud-native SIEM.

Over the past 10 years, the Okta Businesses at Work report has shown the strength of collaboration and security apps, with Slack emerging in 2015 as the fastest growing app. In the intervening decade, we have also been through a pandemic, smartphone saturation, and an increasingly cloud-focused world that touches both work and personal lives.

In February 2025, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published a cybersecurity advisory to share information about the Ghost (Cring) ransomware and its techniques. The group behind this ransomware started its activities around 2021 by attacking public-facing applications running outdated versions.

For years, IT teams have been stuck in a reactive mode, scrambling to fix network performance issues only after users start complaining. Despite an abundance of monitoring tools, the real challenge has always been identifying and resolving issues before they impact productivity—without spending countless hours on manual troubleshooting.

On February 12, 2025, Netskope Threat Labs reported a widespread phishing campaign using fake CAPTCHA images via Webflow CDN to trick victims searching for PDF documents on search engines. These PDF files lead to phishing sites designed to pilfer victims’ credit card and personal information. As we hunted for similar phishing campaigns, we discovered many more phishing PDF files with fake CAPTCHAs distributed across multiple domains.

An enterprise browser (EB) on its own provides a secure managed environment on unmanaged devices and BYOD for web access to company applications and resources. However, alone as an island, EB often lacks TLS traffic inspection and the ability to provide data security and DLP controls.

As part of Netskope Threat Labs hunting activities, we came across an IoC being shared by other researchers and decided to take a closer look at it. During the analysis, we discovered that the payload was apparently still under development, but is already fully functional. The malware acts like a backdoor and uses Telegram as its command and control (C2) channel.

Leading technically qualified people can be inherently complex and enigmatic. This unique workforce of incredibly smart people requires a different leadership approach than what might commonly be used in many other workforces.