illustration showing laptops, cell phones, and tablets protected by cloud-based browser security

How to mitigate the NetScaler vulnerability and protect your web applications

You may have seen the recent security bulletin from Citrix that advises NetScaler ADC and NetScaler Gateway customers that a vulnerability allows threat actors to gain access to the NetScaler administration console ...
illustration showing laptops, cell phones, and tablets protected by cloud-based browser security

How to mitigate the NetScaler vulnerability and protect your web applications

You may have seen the recent security bulletin from Citrix that advises NetScaler ADC and NetScaler Gateway customers that a vulnerability allows threat actors to gain access to the NetScaler administration console ...
illustration of fishing line catching browser window

EvilProxy Phishing Attack Strikes Indeed

Executive Summary Menlo Labs recently identified a phishing campaign targeting executives in senior level roles across various industries, but primarily Banking and Financial services, Insurance providers, Property Management and Real Estate, and ...
illustration of fishing line catching browser window

EvilProxy Phishing Attack Strikes Indeed

Executive Summary Menlo Labs recently identified a phishing campaign targeting executives in senior level roles across various industries, but primarily Banking and Financial services, Insurance providers, Property Management and Real Estate, and ...
illustration of puzzle pieces in front of a browser window

Browser Extensions: A Hidden Gateway for Cybercriminals

The way we work continues to evolve – shifting critical business applications from the hardened data center to the web browser. Users can log in from anywhere with an Internet connection and ...
illustration of websites on fishing hooks with text LURE

How Legacy URL Reputation Evasion (LURE) attacks easily bypass current security tech

Whether it’s the push for fully remote work, in-office work, or a hybrid workstyle, the conversation around how and where employees will work continues. But guess what? To cybercriminals, this conversation doesn’t ...
illustration of hacker on computer with text reading html smuggling

Digital smugglers: How attackers use HTML smuggling techniques to beat traditional security defenses

It’s hard to imagine a time when the web browser wasn’t the critical enterprise productivity app. Many enterprise workers born in the 1990s likely don’t recall when the web browser wasn’t the ...
illustration of web browser with warning symbol

Escalating evasive browser attacks: Understanding the whys

Cybersecurity is a perpetual challenge of strategy and adaptation. Threat actors find a vulnerability, and, eventually, security vendors plug the hole. Attackers find another way into the network, and a patch is ...
Illustration of computer window with key unlocking padlock, thief stealing credit cards, and text XeGroup

Not your average Joe: An analysis of the XeGroup’s attack techniques

Disclaimer: Menlo Labs has informed the appropriate law enforcement agencies on the intelligence presented in this report. Executive Summary XeGroup is a hacking group that has been active since at least 2013 ...
illustration of news anchor discussing HEAT breaking news

Real-world examples of Highly Evasive Adaptive Threats (HEAT) in the news

Despite some good news from the recently released 2023 CyberEdge Cyberthreat Defense Report (CDR), high-profile breaches continue to plague the industry. From Rackspace to Twitter to GitHub, businesses, organizations and government agencies ...