For security teams, this is a blind spot. The browser, while essential for productivity, presents an increasingly complex security challenge. Threats evolve quickly, targeting human error, sensitive data, and business-critical operations that flow through this workspace daily. Extending security operations to every browser in your organization is no longer optional—it’s essential.

A multi-year campaign of malware extensions first infect browsers through malvertising and ultimately lead to data loss and arbitrary code execution.

Recently, threat researchers uncovered a critical vulnerability known as '0.0.0.0 Day', which reveals a significant gap in the security mechanisms of browsers like Chrome and Firefox.

Keep Aware has observed phishing attacks that use legitimate domains to host links that eventually lead to a credential stealing web page. This article focuses on commonalities between two recent phishing attacks that require a victim to click links on multiple legitimate domains before ultimately landing on a fake login page.

Keep Aware has uncovered evidence that Google Looker Studio is being abused by bad actors to host intermediate phishing pages.

Cloudflare public R2 buckets are being abused to host phishing pages.

Keep Aware’s Threat Research function shares recent analysis of Canva's platform abuse for phishing purposes.

An analysis of Microsoft Dynamics 365 standalone forms reveals that, in today's browsing threat landscape, 1 in 5 forms are threats.

The prevalence of security support scams and other social engineering sites remains a concern. In a threat post specifically about Microsoft security scam websites, our Threat Research team discussed recent web pages impersonating Microsoft that are falsely claiming a user’s device has been infected.

Keep Aware’s Threat Research division identified a recent batch of fraudulent Microsoft support sites. While these scam campaigns are not novel, they persist as an online security risk for all internet users.