SquareX

NEW ATTACK DISCOVERED: POLYMORPHIC EXTENSIONS SquareX research team has disclosed "Polymorphic Extensions" - which can morph #infostealers into any browser extension, including password managers and crypto wallets. These malicious extensions create perfect replicas of the target's icon, HTML popup, and workflows, while temporarily disabling the legitimate extension. Using these visual cues, attackers can trick victims into entering credentials that provide full access to sensitive information and financial assets. What makes this attack deadly: ? Only requires medium risk permissions based on #Chrome Store's classification ? Uses permissions common in legitimate tools, making detection difficult ? Cannot be patched as it exploits existing Chrome features ? Completely bypasses static analysis and permissions-based policies As our founder Vivek Ramachandran notes, "Browser extensions present a major risk to enterprises today. Unfortunately, most organizations have no way of auditing their current extension footprint and checking whether they are malicious." For full technical details and attack demonstration, visit https://lnkd.in/g6aVbbHV #cybersecurity #browsersecurity #enterprisesecurity #BDR

More often than not, we see threat actors use a compromised account as an entry way into enterprise networks and data. Now the question is, how to really protect your employee accounts from compromise? This is yet another problem that EDRs and Secure Web Gateways won't be able to help with as they are not context-aware to what's happening on the web page. Their brand impersonation detection remains limited because they rely primarily on network requests, URL reputation, and web resources. Attackers bypass these easily using numerous techniques, to name a few: - Hosting brand impersonating sites on trusted domains like Google Sites - Using MHTML and Raw HTML to smuggle malicious payloads - Adding CAPTCHA gates to avoid automated crawlers Tons of security problems that only a browser detection and response solution can solve. SquareX BDR helps to address the root cause of account compromise rather than just its symptoms. #infosec #APT #threatactor #cybersecurity #securityawareness #enterprisesecurity

???Climbing the Cybersecurity Ladder: From Bar Owner to Top CISO From owning a bar in the 90s to becoming a top 100 CISO globally – Darren Argyle's career path defies convention. In this upcoming episode of the Be Fearless Podcast with Aleksandra Melnikova, Darren shares his remarkable path from being a bar manager in the UK to becoming a recognized global #CISO and cybersecurity educator. ?? The Path to a Million-Dollar Salary Darren discusses his five principles for fast-tracking your cybersecurity career, including the foundations needed for success and strategic moves most professionals overlook when building wealth in the industry. ?? Browser Security Challenges in Financial Services “The browser is a single point of failure for any organization.” Darren explains how financial institutions face heightened risks and impact from browser-based attacks including #browsersyncjacking and malicious extensions. ?? Building Your Authority in Cybersecurity “One of the first things that holds most people back is literally just having the confidence to do something about their personal brand.” Darren outlines specific strategies for building authority in cybersecurity, emphasizing that even posts with minimal engagement can still reach thousands of potential connections. Stay tuned for the full episode — coming soon! #cybersecurity #browsersecurity #enterprisesecurity

It's time for the much awaited CISO Dinner hosted by SquareX! Excited to have Jeff Moss (Founder of Black Hat and DEF CON) and Vivek Ramachandran (Founder of SquareX and Pentester Academy) as hosts of the CISO networking dinner. We will be diving deep on the critical topic: "The Browser is Eating the Endpoint: Why Enterprises Need to 'Shift Up'" exploring how the browser has evolved from a simple website renderer to a complex superapp. With users now spending 85% of device time in browsers, enterprise data moving to cloud storage, and critical applications shifting to SaaS models, we're witnessing a fundamental transformation in the enterprise attack surface that traditional security approaches aren't equipped to handle! If you are a CISO and would like to attend, please register below or reach out to me or Aleksandra Melnikova to help you with the registration! See you there!

The Singapore government will invest $150 million in 2025 to help businesses integrate AI solutions, as announced today by Desmond Tan, Senior Minister of State, at the IndSights Research Business Leaders Forum. #AI adoption is moving fast, but one challenge stood out—data security remains a top concern for businesses. It’s clear that while companies are eager to innovate, uncertainty around managing sensitive information is still a roadblock. I had the chance to hear from Kok Fatt Lee, 王君豪Heng Koon How, Ken Soh, and Jasper Lee during today’s panel on how businesses should navigate the current 'T era'—whether through AI adoption, trading strategies, or supply chain resilience. Discussions like these highlight just how much businesses are balancing innovation with security. Plenty to think about moving forward.

On April 1st, SquareX is hosting our next round of the CISO Roundtable Dinner with Jeff Moss! Vivek Ramachandran, Founder of SquareX and Pentester Academy and Jeff Moss, Founder of Black Hat and DEF CON, on an exclusive panel discussion and dinner, will be discussing: ?? Key trends behind browsers becoming the new endpoint ?? Challenges with existing solutions ?? Web attack case studies ?? The future of browser security This invitation-only event will offer security leaders a rare opportunity to discuss today's most pressing browser security challenges in an intimate setting with one of the industry's most influential voices. #cybersecurity #browsersecurity #enterprisesecurity #BDR

?????? S2E10 of The Boring AppSec Podcast (the final episode of the founders edition) with Vivek Ramachandran (Founder of SquareX) is out now! ????? In this episode, amongst many other things, we covered the impact of AI on cybersecurity. Vivek shared his thoughts on some of the challenges in an AI-first world wrt workers i.e. those not focussing on the fundamentals and blindly trusting what AI is throwing at them are likely not going to gain much from it. But, those who are approaching it from an "efficiency gain" perspective in their niche areas will likely stand out and be the most sought after in the next few years. I couldn't agree more! You don't want to miss this episode where the rate of wisdom dropped per minute was astronomical. Please listen in! Links will be in comments! cc: Sandesh Mysore Anand #appsec #appsecurity #security #softwaresecurity #productsecurity #cybersecurity #founders #llm #ai

???Our Field CISO John Carse will be hosting his inaugural Be Fearless Podcast with Mike Cunningham from MITRE this week! Here's a fun fact on Mike: Did you know he isn't just their R&D Program Manager? He's also an Assistant Track And Field Coach at Westview High School! Curious how his coaching experience connects to cybersecurity strategy and defense? We can't wait to share this insightful conversation that bridges two seemingly different worlds. Follow us for updates on the full episode! #cybersecurity #browsersecurity #enterprisesecurity #BDR

Folks: You won't want to miss this! On March 25th, Jerry H. will be presenting at the Bay Area OWASP meet-up on the growing trend of client-side web attacks targeting the browser, and how to protect your employees and contractors from becoming the next victim. SquareX

The discovery of Polymorphic Extensions represents a significant shift in the browser security landscape. These attacks can steal credentials by mimicking the extensions users trust most. Once credentials are harvetsed through this technique, attackers can: ??Gain access to all the passwords stored in the password manager vault to access any of the victim's SaaS app account to exfiltrate data ??Impersonate the victim to propagate phishing campaigns to the victim's contacts ??Unauthorized transfer of cryptocurrencies using crypto wallets ??And more..... Join our live webinar to understand how your organization can protect against this advanced threat that's changing how we think about browser extension security: https://sqrx.io/l120325_5 #cybersecurity #browsersecurity #enterprisesecurity #BDR John Carse