Misused legitimate remote administration tools remain one of the hardest threats to detect. They don’t rely on custom malware, exploit kits, or obvious red flags—instead, they blend in with everyday IT operations. To traditional security controls, these tools often look indistinguishable from normal administrative activity. This attack highlights how attackers continue to weaponize legitimate software, and why browser-level visibility is critical for modern detection and response.

ConsentFix is a newly observed browser-based phishing technique. Named based on its purported predecessor, ClickFix, ConsentFix has similar social engineering prompts to ClickFix attacks. However, where ClickFix requires a user to paste malicious commands to compromise the host device, ConsentFix tricks a user into pasting an OAuth authorization code to an attacker-controlled site, thereby compromising the victim’s cloud account.

These acronyms get thrown around in articles and vendor decks, sometimes interchangeably. For security teams responsible for protecting users in the browser, clarifying that confusion matters. This post is a quick reference to help you keep them straight, understand how they work, and where Browser Detection & Response (BDR) solutions help.

When phishing attacks use evasive tactics, traditional security tools often fail to detect the browser-based threats. In this phishing attack, a legitimate Microsoft SharePoint site was used as a stepping stone between a phishing email and a highly evasive credential-harvesting webpage.

Attackers are using a quality-of-life browser capability to smuggle malware from the browser onto the endpoint—but they need a way to execute it. Read more to find out about cache smuggling, why it’s a modern browser threat, and how to prevent it.

An extensive browser extension campaign recently came to light that turned add-ons from reputable publishers into powerful spyware with the ability to execute dynamic code. Here’s what you need to know about the ShadyPanda campaign, noteworthy gaps in browser marketplaces, and how to defend against and respond to malicious extensions.

Discover how a drive-by download from a spoofed SSA domain exposed the growing security blind spot created by Shadow SaaS. This article explores how personal email and unmanaged browser activity on corporate devices can bypass traditional defenses—and why stronger browser visibility and controls are essential.

A recent phishing attack exploited the trust security tools have in Zoom Docs, the collaborative workspace feature of Zoom, to host intermediary phishing pages designed to steal user credentials.

ClickFix isn’t just a threat when interacting with malicious sites; it’s a threat that can pop up on any website. What began as a search for a financial term almost ended with a covert deployment of fileless malware on their machine.

Discover what OpenAI’s new ChatGPT Atlas means for enterprise security teams. Learn how this AI-powered browser redefines web interaction, why it’s not yet enterprise-ready, and how to safely pilot Atlas while maintaining compliance and browser security controls.

An email about updated 2025 fiscal year benefits, sent through a business management platform, led an employee to a malicious site designed to steal work credentials. What looked like a normal business email slipped past every early control—until browser-native security detected it.

To support CISOs navigating conversations around GenAI usage and risks, Keep Aware has released a new Template for CISO GenAI Presentation to the Board or AI Committee. This free resource provides a structured framework to help security leaders communicate clearly, bridge the technical-to-business gap, and address the questions boards care about most.