On February 12, 2025, Netskope Threat Labs reported a widespread phishing campaign using fake CAPTCHA images via Webflow CDN to trick victims searching for PDF documents on search engines. These PDF files lead to phishing sites designed to pilfer victims’ credit card and personal information. As we hunted for similar phishing campaigns, we discovered many more phishing PDF files with fake CAPTCHAs distributed across multiple domains.

An enterprise browser (EB) on its own provides a secure managed environment on unmanaged devices and BYOD for web access to company applications and resources. However, alone as an island, EB often lacks TLS traffic inspection and the ability to provide data security and DLP controls.

As part of Netskope Threat Labs hunting activities, we came across an IoC being shared by other researchers and decided to take a closer look at it. During the analysis, we discovered that the payload was apparently still under development, but is already fully functional. The malware acts like a backdoor and uses Telegram as its command and control (C2) channel.

Leading technically qualified people can be inherently complex and enigmatic. This unique workforce of incredibly smart people requires a different leadership approach than what might commonly be used in many other workforces.

Netskope Threat Labs is tracking a widespread phishing campaign affecting hundreds of Netskope customers and thousands of users. The campaign aims to steal credit card information to commit financial fraud, and has been ongoing since the second half of 2024. The attacker targets victims searching for documents on search engines, resulting in access to malicious PDF that contains a CAPTCHA image embedded with a phishing link, leading them to provide sensitive information.

Today’s businesses rely on third-party vendors, contractors, and partners to operate efficiently more than ever. But every external connection introduces a risk—especially when it comes with overly permissive access. If not properly managed, this can become a significant vulnerability. Attackers know this, and they actively exploit these weak points.

The rapid rise of generative AI (genAI) applications is reshaping enterprise technology strategies, pushing security leaders to reevaluate risk, compliance, and data governance policies. The latest surge in DeepSeek usage is a wake-up call for CISOs, illustrating how quickly new genAI tools can infiltrate the enterprise. In only 48 hours, Netskope Threat Labs observed a staggering 1,052% increase in DeepSeek usage across our customer base.

DeepSeek’s latest large language models (LLMs), DeepSeek-V3 and DeepSeek-R1, have captured global attention for their advanced capabilities, cost-efficient development, and open-source accessibility. These innovations have the potential to be transformative, empowering organizations to seamlessly integrate LLM-based solutions into their products. However, the open-source release of such powerful models also raises critical concerns about potential misuse, which must be carefully addressed.

This blog is a follow-up to the post Opportunities & Risks for Digital-first Leaders in Business-led IT The days of shadow IT as an unregulated threat are over. Business-led IT represents a fundamental shift in how organizations innovate and operate. To succeed in this new reality, CIOs must embrace what I call the “New CIO” mindset.