🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Jeswin Mathai Dakshitaa NUS SGInnovate

Secure Web Gateways (SWG) as part of SASE/SSE unfortunately is becoming dated tech when it comes to detecting client-side Web Attacks happening on an employee's browser. If you are a Pentester/Red Teamer/Security Researcher check out browser.security and test your

Happy Birthday to our fearless founder Vivek Ramachandran 🥳 Here's to another year of breaking barriers, shaking things up, and keeping the browser a safer place for everyone. Thank you for keeping us on our toes, pushing us to the edge of impossible, and making sure we always have a

I still remember the time when Gmail introduced its Web 2.0 "rich internet application" - everyone was so impressed that new mails would just appear rather than having to hit "refresh" every few minutes on the web page. We've come a long way - web protocols and applications have

so you think your defense posture has you "secure" then you wont mind trying this out to see how easily folks can break into your systems :) Vivek Ramachandran SquareX

Our Breaking Secure Web Gateways DEF CON talk which uncovered over a dozen architectural vulnerabilities in SASE/SSE SWGs is finally up - all vendors continue to remain vulnerable to these attacks: Test your own SASE/SSE: scan.browser.security and browser.security (live

We are looking to hire full time security researchers for SquareX primarily to investigate topics in Browser Security and Client-side Web Attacks. Requirements: published original research at hacker conferences / written security tools / anything else which demonstrates you

What I hate most about enterprise security product websites: No product demo videos and a lack of information on how the product works. Almost always, there is a need to schedule a call with sales, and this slows down the process. I understand the conventional wisdom that

The majority of initial access on an enterprise user's device occurs via the browser — whether through malicious file/script downloads, spearphishing, SSO hijacks, insider threats bypassing DLP, or malicious browser extensions exfiltrating data. The traditional approach is to

Can a Chrome Extension be taken over from the Chrome Store with just a few clicks? SquareX has uncovered targeted attacks on Chrome Extension developers aimed at taking over the chrome extension from the Chrome store - after this the attacker might try to push a malicious

QR code attacks are on the rise! These attacks smartly lure enterprise users to use their mobile devices where generally security is low. This is one of those classic attacks which cannot be solved in the cloud via an intercepting proxy as this would require them to analyze

Many enterprise users utilize consumer VPNs, such as OpenVPN. Corporate IT might approve this application because it’s a standard VPN client from a trusted server. However, can an enterprise user be hacked using an OpenVPN script? Many free VPN services provide a simple

Any interesting examples of cyber security ai agents that folks have built?

Employees have started using SSO as a convenient feature to log in to almost any website that offers a "Login with Microsoft/Google/..." option! Additionally, most SaaS apps provide a "free account to try" option, further encouraging employees to use their company accounts to

OMG! We had uncovered and warned about this a week back - the exact attack that Cyberhaven was compromised with and posted about this here: lnkd.in/g8WTmmW8 Such Identity based attacks can be stopped dead in the tracks with SquareX SquareX Feel free to DM me if you

The Cyberhaven attack is making headlines—but what could Cyberhaven and its customers have done to prevent it? Attack Context: lnkd.in/gqZCCDYh What Happeend? SquareX reported a large-scale attack targeting Chrome extensions. This is how it worked: - The Chrome Web

Really proud moment for the SquareX research team - we were the first to discover this attack and publicly disclose and warn Chrome Extension developers. This attack underscores the urgent need for a Browser Detection-Response solution—precisely the innovation SquareX is

Happy New Year everyone! 2025 is a very interesting number: (a) It is the square of the sum of the first nine numbers: ( 1 +2 +3 +4 +5 +6 +7 +8 +9 )^2 = 45 ^2 = 2025 (b) It is the sum of the first 45 odd numbers: 1 +3 +5 +7 +9 +....+ 87 + 89 = 2025 (c) Its a Harshad/Niven

Double Clickjacking is the new attack kid on the block - Here's a good article on Forbes by Davey Winder lnkd.in/gmjvup67 This subverts most existing browser-based protections like X-Frame-Options simply because it's a clever UI redressing attack. Also, the attack's

Jeswin Mathai is the Chief Architect at SquareX, a cybersecurity company focused on protecting users and companies from web-based threats. Jeswin joins the podcast with Gregor Vand to talk about browser security today. Jeswin Mathai softwareengineeringdaily.com/2025/02/27/bro…