Engineering @ SquareX

SquareX Labs - Medium

When security teams first spotted ClickFix in early 2024, few predicted it would last long in the threat landscape. Yet here we are in 2025, watching this simple attack continue its devastating march through organizations worldwide.Today, attackers don’t even need to create intricate algorithms to try to penetrate your enterprise ... Read More

SquareX’s Research Team Discovers a Vulnerability that Puts Millions of Users At RiskThe recent wave of OAuth attacks on Chrome extension developers have spotlighted browser extensions as a critical threat to enterprise security. However, most of these attacks have primarily been around data exfiltration or unauthorized access to specific web applications ... Read More

SquareX’s VDI Replacement Solution — Contractor & Developer Access through Secure Private EnvironmentsModern Virtual Desktop Infrastructure (VDI) solutions and Desktop as a Service (DaaS) have come a long way from their legacy predecessors. They’ve addressed several pain points around scalability, performance, and ease of management, providing a much better experience than traditional ... Read More

Convert the Browsers on BYOD / Unmanaged Devices into Secure Browsing SessionsAs modern enterprises continue to adapt to the flexible work culture, Bring Your Own Device (BYOD) policies have become a standard practice. However, protecting sensitive corporate data while maintaining user privacy and a seamless work experience has proven to be ... Read More

The HTML, CSS and Javascript Trojan Horse — Smuggling Malware through Web Resources‘Last Mile Reassembly Attacks’ evade every Secure Web Gateway in the market and deliver known malware to the endpointAt DEF CON 32, SquareX presented comprehensive research on the vulnerabilities of Secure Web Gateways (SWGs), which expose enterprises to myriad of client-side ... Read More

A Picture is Worth a Thousand Threats: Using Steganography to Deliver Malware Past Secure Web Gateways‘Last Mile Reassembly Attacks’ evade every Secure Web Gateway in the market and deliver known malware to the endpointAt DEF CON 32, SquareX showcased more than 30 vulnerabilities in Secure Web Gateways (SWGs), exposing how these widely ... Read More

‘Last Mile Reassembly Attacks’ evade every Secure Web Gateway in the market and deliver known malware to the endpointAt DEF CON 32, SquareX presented groundbreaking research curating vulnerabilities in Secure Web Gateways (SWGs) that leave organizations vulnerable to threats that these tools fail to detect. These traditional defenses, once considered the ... Read More

Vivek Ramachandran, Founder & CEO of SquareX, at DEF CON Main Stage.At DEF CON 32 this year, SquareX presented compelling research that revealed the shortcomings of Secure Web Gateways (SWG) in protecting the browser and demonstrated 30+ foolproof methods to bypass them. Anybody can test these bypasses against their SWG at ... Read More

Don’t let your employees fall prey to identity attacksIn the early internet days, logging in meant entering a username and password. If the password matched what the server had stored, you got in. Simple, right? But as online services grew, so did cyber threats. Passwords could be guessed, stolen, or reused, ... Read More

“Consider the Macro Perspective” — The Persistence of Macro-based MalwareUse SquareX to put an end to their three-decade streakOffice documents, encompassing a range of formats such as Word, Excel, and PowerPoint, have become deeply entrenched in the daily operations of countless organisations worldwide.One can argue that Microsoft was ahead of its time ... Read More