Browsers
The Evolution of Ransomware: Browser-Native Ransomware
Among the cyber community, ransomware stands as one of the most recognized and dreaded forms of attack due to the scale of financial and reputational repercussions that come with it. However, over ...
Polymorphic Extensions: The Sneaky Extension That Can Impersonate Any Browser Extension
Imagine that your AI transcriber tool shapeshifts into your password manager, then your crypto wallet and finally into your banking app — all without your knowledge. This is exactly what polymorphic extensions can do ...
Browser Extensions: The Infostealers Nobody is Watching Out For
Extension-Based Infostealers and How to Stop ThemInfostealers have become a critical security threat, capable of exfiltrating valuable data including credentials, intellectual property, personal information, and financial records. Currently, two primary categories are well-documented: ...
PLAYFULGHOST: The Spread of A Not So Friendly Ghost
Disclosed by Google security researcher Tatsuhiko, PLAYFULGHOST is a new family of malware that has become endemic to the Chinese browser and superapp QQ. The malware allows the attackers to remotely control ...
Two Clicks to Chaos: How Double-clickjacking Hands Over Control of Apps without Users Knowing
In our last blog, we discussed how OAuth-based consent phishing attacks have been used to trick users into giving malicious apps the permission to conduct malicious activities via an employee’s account. This ...
Unique Data Loss Challenges in the Browser
In today’s digital age, data is a company’s most valuable asset. A single instance of data loss can lead to severe consequences, from hefty fines for violating data privacy laws like GDPR ...
6 Reasons Why Enterprises Are Shifting from VDI to SquareX
SquareX’s VDI Replacement Solution — Contractor & Developer Access through Secure Private EnvironmentsModern Virtual Desktop Infrastructure (VDI) solutions and Desktop as a Service (DaaS) have come a long way from their legacy predecessors. They’ve ...
SquareX at Hacker Summer Camp: It’s a Wrap!
Wrapping Up an Incredible Experience for Team SquareXTeam SquareX has just wrapped up the third and final day of DEF CON 32, marking the end of our time at Hacker Summer Camp — attending both ...
SquareX at Hacker Summer Camp: Black Hat USA 2024 Day 2
Wrapping up the conference before we move on to DEF CONÂ 32As the sun rose over Las Vegas, Team SquareX kicked off the second day of Black Hat USA 2024 bright and early ...
Exploiting Mistyped URLs
Interesting research: “Hyperlink Hijacking: Exploiting Erroneous URL Links to Phantom Domains“: Abstract: Web users often follow hyperlinks hastily, expecting them to be correctly programmed. However, it is possible those links contain typos ...
