The browser extension risk landscape doesn’t have to be convoluted. Our practitioner’s guide conveys the necessary information to communicate and overcome the challenges of assessing and managing browser add-ons.

Two active phishing campaigns have hijacked over 100 legitimate domains as stealthy stepping stones—proof that age‑ and reputation‑based blocking fails and inline, page‑level browser inspection and protection are essential to prevent phishing

A recent phishing attack observed in a live environment exhibits the abuse of trusted domains, the practice of server-side phishing email validation, and the critical need for browser-based, zero-day phishing protection.

Our analysis of an attempted phishing attack against our co-founder reveals how compromised business emails, trusted platforms like DocSend, and evasive tactics like CAPTCHAs and anti-analysis techniques are being weaponized in modern phishing attacks.

The FBI’s 2024 Internet Crime Report highlights a record $16.6B in cybercrime losses, with major threats including investment scams, ransomware, and BEC. This post summarizes key trends and explains why browser-level protection is critical as threats increasingly target users where they interact most.

AI policy is only the first step. Learn how to gain visibility and enforce AI use directly in the browser.

Discover how sophisticated SVG phishing email attachments bypass security: a real-world case study of an attack using malicious SVG files to redirect victims to a fake Microsoft login while secretly tracking which users clicked.

The FBI warns of malicious file converter sites targeting enterprises. These websites appear to offer free file conversions but instead deliver malware, aiming to compromise users’ devices and steal sensitive data.

A highly evasive phishing attack employs gated CAPTCHAs requiring personalized passcodes and leverages compromised email accounts to bypass traditional security measures. Discover why these sophisticated techniques underscore the need for protection against zero-day phishing.

Traditional DLP solutions miss critical risks as employees handle sensitive data through browsers. With 39% of Google web activity involving personal accounts and data constantly moving through SaaS apps, organizations need browser-level security that follows data rather than enforcing perimeter-based controls.

The once-overlooked ‘stepchild’ in security strategies is the modern attacker’s go-to battleground; it’s time we give the browser the security it deserves.

From multi-step phishing to malware reassembly, new attack methods make it critical for security teams to rethink detection and response at the browser layer. This article examines three key areas where attackers focus their efforts and how browser-based attacks are evolving.