The once-overlooked ‘stepchild’ in security strategies is the modern attacker’s go-to battleground; it’s time we give the browser the security it deserves.

From multi-step phishing to malware reassembly, new attack methods make it critical for security teams to rethink detection and response at the browser layer. This article examines three key areas where attackers focus their efforts and how browser-based attacks are evolving.

The browser is the single most important application in work today. While organizations increasingly shift toward browser-centric workflows, attackers have followed. In 2024, browser-based malware became the primary attack vector, accounting for 70% of all observed malware cases, while traditional email-based delivery plummeted to just 15%—a seismic shift in cybercriminal tactics. The research in this report validates what security teams have long suspected: traditional defenses are no longer enough to protect a workforce that operates inside the browser.

The old paradigms of web security no longer apply. Attackers aren’t relying on “known bad” sites—they’re abusing trusted infrastructure. The browser has become the central work environment, yet security teams lack a proper data model for it. And the line between enterprise and consumer applications has blurred beyond recognition.

In 2024, attackers targeted browsers through compromised extensions, JavaScript libraries, and consent phishing. Discover how to safeguard your organization from these growing threats with effective supply chain risk management.

From the abuse of legitimate platforms to the extensiveness of malicious ads, this article provides an overview of the most common browser-based threats observed in 2024.

Cyberhaven, a data loss prevention cybersecurity company, suffered a breach through the compromise of a Chrome Web Store administrative account. A malicious extension was published under its account.

ClearFake, a malicious Javascript framework, has evolved its techniques multiple times since its inception and now leverages compromised sites, smart contracts, and a user's clipboard to dupe unsuspecting victims into providing a bad actor with initial access.

For security teams, this is a blind spot. The browser, while essential for productivity, presents an increasingly complex security challenge. Threats evolve quickly, targeting human error, sensitive data, and business-critical operations that flow through this workspace daily. Extending security operations to every browser in your organization is no longer optional—it’s essential.

A multi-year campaign of malware extensions first infect browsers through malvertising and ultimately lead to data loss and arbitrary code execution.

Recently, threat researchers uncovered a critical vulnerability known as '0.0.0.0 Day', which reveals a significant gap in the security mechanisms of browsers like Chrome and Firefox.

Keep Aware has observed phishing attacks that use legitimate domains to host links that eventually lead to a credential stealing web page. This article focuses on commonalities between two recent phishing attacks that require a victim to click links on multiple legitimate domains before ultimately landing on a fake login page.