Ray Canzanese
@canzanese.com
Director of Netskope Threat Labs
Resident of Philadelphia
Graduate of Drexel University
#cybersecurity #infosec
Post mostly about cybersecurity stuff.
Resident of Philadelphia
Graduate of Drexel University
#cybersecurity #infosec
Post mostly about cybersecurity stuff.
Is writing malware that generates all of its malicious routines on the fly from prompts using ChatGPT possible? Read more on the Netskope Threat Labs blog. www.netskope.com/blog/the-fut...
The Future of Malware is LLM-powered
Summary Large language models (LLMs) have rapidly transformed industries, becoming invaluable tools for automation, coding assistance, and research.
www.netskope.com
November 26, 2025 at 3:56 PM
Is writing malware that generates all of its malicious routines on the fly from prompts using ChatGPT possible? Read more on the Netskope Threat Labs blog. www.netskope.com/blog/the-fut...
Netskope's manufacturing threat report highlights growing incidents of sensitive data exposure as AI apps gain popularity, malware coming in over trusted cloud apps, and more...
www.netskope.com/resources/th...
www.netskope.com/resources/th...
Netskope Threat Labs Report: Manufacturing 2025
Learn how organizations in the Manufacturing sector are tackling the evolving cybersecurity landscape, including malware, genAI, AI Agents, and data security.
www.netskope.com
November 13, 2025 at 4:27 PM
Netskope's manufacturing threat report highlights growing incidents of sensitive data exposure as AI apps gain popularity, malware coming in over trusted cloud apps, and more...
www.netskope.com/resources/th...
www.netskope.com/resources/th...
Netskope Threat Labs' newest member is Vini Egerland! I look forward to sharing some of the awesome projects Vini is cooking up in the near future!
November 12, 2025 at 5:11 PM
Netskope Threat Labs' newest member is Vini Egerland! I look forward to sharing some of the awesome projects Vini is cooking up in the near future!
Our Netskope Private Access team has an opening for a Distinguished Engineer in the US. Please reach out if you have questions: www.linkedin.com/jobs/view/42...
Netskope hiring Distinguished Engineer, NPA in Santa Clara, CA | LinkedIn
Posted 10:11:57 AM. About NetskopeToday, there's more data and users outside the enterprise than inside, causing the…See this and similar jobs on LinkedIn.
www.linkedin.com
October 23, 2025 at 12:54 PM
Our Netskope Private Access team has an opening for a Distinguished Engineer in the US. Please reach out if you have questions: www.linkedin.com/jobs/view/42...
TRUMP NATIONAL COMMITTEE JFC is spaming texts urging recipients to fill out the census. This is not the census, it is a pretext to trick victims into recurring donations. Initial link is to us-25[.]net, which redirects to winred[.]com, complete with dark patterns, emotion, and urgency.
October 9, 2025 at 7:04 PM
TRUMP NATIONAL COMMITTEE JFC is spaming texts urging recipients to fill out the census. This is not the census, it is a pretext to trick victims into recurring donations. Initial link is to us-25[.]net, which redirects to winred[.]com, complete with dark patterns, emotion, and urgency.
The Netskope Threat Labs team is #hiring experienced researchers in Brazil, Spain, and Portugal! The team is a fully remote team focused on innovation and thought leadership, researching problems including supply chain security, AI security, and command and control.
www.netskope.com/company/care...
www.netskope.com/company/care...
September 25, 2025 at 8:31 PM
The Netskope Threat Labs team is #hiring experienced researchers in Brazil, Spain, and Portugal! The team is a fully remote team focused on innovation and thought leadership, researching problems including supply chain security, AI security, and command and control.
www.netskope.com/company/care...
www.netskope.com/company/care...
GitHub status is green, but I'm getting the uniorn. Is it just me?
September 25, 2025 at 3:59 PM
GitHub status is green, but I'm getting the uniorn. Is it just me?
$NTSK is officially trading! I've been here for 7 years, and at my previous company (acquired by Netskope) for another 3 -- 10 years spent building products, enabling the field, and ultimately building a research team that I am extremely proud of! netskope.com/threat-labs
September 18, 2025 at 5:17 PM
$NTSK is officially trading! I've been here for 7 years, and at my previous company (acquired by Netskope) for another 3 -- 10 years spent building products, enabling the field, and ultimately building a research team that I am extremely proud of! netskope.com/threat-labs
In honor of Steven Crowe, who passed away after a brutal battle with acute myeloid leukemia, we fund groundbreaking research. Thanks to your past support, two projects are making a huge impact! Please join us in continuing this life-saving work.
give.curesearch.org/fundraiser/6...
give.curesearch.org/fundraiser/6...
September 11, 2025 at 5:28 PM
In honor of Steven Crowe, who passed away after a brutal battle with acute myeloid leukemia, we fund groundbreaking research. Thanks to your past support, two projects are making a huge impact! Please join us in continuing this life-saving work.
give.curesearch.org/fundraiser/6...
give.curesearch.org/fundraiser/6...
Securing LLMs and the Model Context Protocol requires new thinking. Our latest blog post highlights prompt injection via tool definitions & cross-server tool shadowing. Traditional security isn't enough; we need zero trust & strong isolation.
www.netskope.com/blog/securin...
#LLM #AI #Cybersecurity
www.netskope.com/blog/securin...
#LLM #AI #Cybersecurity
Securing LLM Superpowers: When Tools Turn Hostile in MCP
Summary In Part 1 of this blog series, we explored the architecture, capabilities, and risks of the Model Context Protocol (MCP). In this post, we will
www.netskope.com
September 5, 2025 at 10:30 AM
Securing LLMs and the Model Context Protocol requires new thinking. Our latest blog post highlights prompt injection via tool definitions & cross-server tool shadowing. Traditional security isn't enough; we need zero trust & strong isolation.
www.netskope.com/blog/securin...
#LLM #AI #Cybersecurity
www.netskope.com/blog/securin...
#LLM #AI #Cybersecurity
Reposted by Ray Canzanese
The ⏰'s ticking! Our #CallForPapers for #BSidesPhilly is still open, but the submission deadline is S9/15! Don't miss your chance to share your research & expertise with the Philly #cybersecurity community. Submit now before it's too late!
🔗 bsidesphilly.org/call-for-pap... #Infosec
🔗 bsidesphilly.org/call-for-pap... #Infosec
September 3, 2025 at 11:17 PM
The ⏰'s ticking! Our #CallForPapers for #BSidesPhilly is still open, but the submission deadline is S9/15! Don't miss your chance to share your research & expertise with the Philly #cybersecurity community. Submit now before it's too late!
🔗 bsidesphilly.org/call-for-pap... #Infosec
🔗 bsidesphilly.org/call-for-pap... #Infosec
🤠 Welcome to the Wild West of AI. LLMs are powerful, but the way they connect to tools can be dangerously insecure. Our latest blog provides a detailed yet accessible overview of MCP security.
#LLM #AIsecurity #Cybersecurity #MCP
www.netskope.com/blog/securin...
#LLM #AIsecurity #Cybersecurity #MCP
www.netskope.com/blog/securin...
Securing LLM Superpowers: Navigating the Wild West of MCP
Summary The Model Context Protocol (MCP) is a standardized framework that enables large language models (LLMs) to interact with external tools, APIs, and
www.netskope.com
August 19, 2025 at 8:55 PM
🤠 Welcome to the Wild West of AI. LLMs are powerful, but the way they connect to tools can be dangerously insecure. Our latest blog provides a detailed yet accessible overview of MCP security.
#LLM #AIsecurity #Cybersecurity #MCP
www.netskope.com/blog/securin...
#LLM #AIsecurity #Cybersecurity #MCP
www.netskope.com/blog/securin...
We found what looks like a new version of XWorm, indicating that it is under active development focused on detection evasion. We expect to be seeing it used to target more victims in the near future. www.netskope.com/blog/xworm-v...
#infosec #malware
#infosec #malware
XWorm V6: Advanced Evasion and AMSI Bypass Capabilities Revealed
Summary In September 2024, Netskope Threat Labs reported on the XWorm malware and its infection chain. We revealed new XWorm command and control (C2)
www.netskope.com
July 30, 2025 at 3:23 PM
We found what looks like a new version of XWorm, indicating that it is under active development focused on detection evasion. We expect to be seeing it used to target more victims in the near future. www.netskope.com/blog/xworm-v...
#infosec #malware
#infosec #malware
I'm hiring a fully remote threat research position for Netskope Threat Labs and will be in Vegas for BlackHat next week. Please DM me if you are interested in the role and want to meet up in person. I have positions open in Brazil and Spain.
July 29, 2025 at 5:33 PM
I'm hiring a fully remote threat research position for Netskope Threat Labs and will be in Vegas for BlackHat next week. Please DM me if you are interested in the role and want to meet up in person. I have positions open in Brazil and Spain.
I am #hiring for a threat research position in Brazil focused on network/cloud/ai security. Please reach out if interested. www.netskope.com/company/care...
Open Positions
Join the leading cloud security platform team and industry leaders in security, networking, threat protection, cloud, mobile, and more.
www.netskope.com
July 25, 2025 at 6:26 PM
I am #hiring for a threat research position in Brazil focused on network/cloud/ai security. Please reach out if interested. www.netskope.com/company/care...
Grammarly often suggests that I move my adverbs to split my infinitives. If I accept the suggestion, Grammarly is upset and suggests that I move the adverb back because splitting infinitives is bad. I like to assume that this is some genAI slop and heuristics battling it out behind the scenes.
July 24, 2025 at 5:20 PM
Grammarly often suggests that I move my adverbs to split my infinitives. If I accept the suggestion, Grammarly is upset and suggests that I move the adverb back because splitting infinitives is bad. I like to assume that this is some genAI slop and heuristics battling it out behind the scenes.
"I don't have a password, so I can't connect," the hacker says in one call. The agent replies, "Oh, OK. OK. So let me provide the password to you OK?"
Lawsuit says Clorox hackers got passwords simply by asking
www.reuters.com/legal/govern...
www.reuters.com/legal/govern...
Lawsuit says Clorox hackers got passwords simply by asking
Bleach maker Clorox said Tuesday that it has sued information technology provider Cognizant over a devastating 2023 cyberattack, alleging that the hackers pulled off the intrusion simply by asking the tech company's staff for employees' passwords.
www.reuters.com
July 23, 2025 at 8:07 AM
"I don't have a password, so I can't connect," the hacker says in one call. The agent replies, "Oh, OK. OK. So let me provide the password to you OK?"
@defcon.bsky.social Red Team Village schedule hot off the presses. Netskope Threat Labs' own Hubert Lin will be running his reverse port knocking workshop Saturday morning at 11! Hope to see you there.
www.netskope.com/netskope-thr...
www.netskope.com/netskope-thr...
July 14, 2025 at 3:25 PM
@defcon.bsky.social Red Team Village schedule hot off the presses. Netskope Threat Labs' own Hubert Lin will be running his reverse port knocking workshop Saturday morning at 11! Hope to see you there.
www.netskope.com/netskope-thr...
www.netskope.com/netskope-thr...
Weird spam email this morning. No links. No images. Just some text. Is this some kind of bizarre marketing campaign?
July 10, 2025 at 4:45 PM
Weird spam email this morning. No links. No images. Just some text. Is this some kind of bizarre marketing campaign?
Fake DeepSeek installers are delivering the Sainbox RAT and Hidden rootkit. Our latest blog details how this campaign, attributed to the Silver Fox group, works. #malware #RAT #rootkit #infosec
www.netskope.com/blog/deepsee...
www.netskope.com/blog/deepsee...
June 26, 2025 at 4:26 PM
Fake DeepSeek installers are delivering the Sainbox RAT and Hidden rootkit. Our latest blog details how this campaign, attributed to the Silver Fox group, works. #malware #RAT #rootkit #infosec
www.netskope.com/blog/deepsee...
www.netskope.com/blog/deepsee...
Reposted by Ray Canzanese
I wrote about how the telecom and Trump administration's response to the worst telecom hack in U.S. history is basically to pretend it never happened:
Salt Typhoon Hack Keeps Getting Worse, Telecoms Tell Employees To Stop Looking For Evidence Of Intrusion
Late last year, eight major U.S. telecoms were the victim of a massive intrusion by Chinese hackers who managed to spy on public U.S. officials for more than a year. The “Salt Typhoon” hack was so …
www.techdirt.com
June 20, 2025 at 3:58 PM
I wrote about how the telecom and Trump administration's response to the worst telecom hack in U.S. history is basically to pretend it never happened:
Does your security stack protect you against the latest generation of fake CAPTCHAs that evade browser-based defenses by tricking the victim into downloading the payload using the RUN dialog in Windows to download LegionLoader, LummaStealer, and more... www.netskope.com/blog/lumma-s....
June 17, 2025 at 4:26 PM
Does your security stack protect you against the latest generation of fake CAPTCHAs that evade browser-based defenses by tricking the victim into downloading the payload using the RUN dialog in Windows to download LegionLoader, LummaStealer, and more... www.netskope.com/blog/lumma-s....