AI policy is only the first step. Learn how to gain visibility and enforce AI use directly in the browser.

Discover how sophisticated SVG phishing email attachments bypass security: a real-world case study of an attack using malicious SVG files to redirect victims to a fake Microsoft login while secretly tracking which users clicked.

The FBI warns of malicious file converter sites targeting enterprises. These websites appear to offer free file conversions but instead deliver malware, aiming to compromise users’ devices and steal sensitive data.

A highly evasive phishing attack employs gated CAPTCHAs requiring personalized passcodes and leverages compromised email accounts to bypass traditional security measures. Discover why these sophisticated techniques underscore the need for protection against zero-day phishing.

Traditional DLP solutions miss critical risks as employees handle sensitive data through browsers. With 39% of Google web activity involving personal accounts and data constantly moving through SaaS apps, organizations need browser-level security that follows data rather than enforcing perimeter-based controls.

The once-overlooked ‘stepchild’ in security strategies is the modern attacker’s go-to battleground; it’s time we give the browser the security it deserves.

From multi-step phishing to malware reassembly, new attack methods make it critical for security teams to rethink detection and response at the browser layer. This article examines three key areas where attackers focus their efforts and how browser-based attacks are evolving.

The browser is the single most important application in work today. While organizations increasingly shift toward browser-centric workflows, attackers have followed. In 2024, browser-based malware became the primary attack vector, accounting for 70% of all observed malware cases, while traditional email-based delivery plummeted to just 15%—a seismic shift in cybercriminal tactics. The research in this report validates what security teams have long suspected: traditional defenses are no longer enough to protect a workforce that operates inside the browser.

The old paradigms of web security no longer apply. Attackers aren’t relying on “known bad” sites—they’re abusing trusted infrastructure. The browser has become the central work environment, yet security teams lack a proper data model for it. And the line between enterprise and consumer applications has blurred beyond recognition.

In 2024, attackers targeted browsers through compromised extensions, JavaScript libraries, and consent phishing. Discover how to safeguard your organization from these growing threats with effective supply chain risk management.

From the abuse of legitimate platforms to the extensiveness of malicious ads, this article provides an overview of the most common browser-based threats observed in 2024.

Cyberhaven, a data loss prevention cybersecurity company, suffered a breach through the compromise of a Chrome Web Store administrative account. A malicious extension was published under its account.