#United States #Las Vegas #SquareX #CISO #BlackHat2025

Introduction

In a groundbreaking move, SquareX has officially launched The Browser Security Field Manual at Black Hat USA 2025, unveiling critical insights into the evolving landscape of browser security. This manual serves as an essential guide for security professionals, particularly as the browser emerges as a primary target for cyber attackers.

The Rising Threat Landscape

Today, the browser is increasingly recognized as a significant endpoint in cybersecurity. Attackers have shifted their focus, exploiting browsers as the initial access point to infiltrate organizations. Notable incidents, including the Cyberhaven breach and various sophisticated attacks like polymorphic extensions and Midnight Blizzard RDP-based attacks, highlight the urgency for heightened browser security measures.

The rise in browser-based attacks is alarming, and unfortunately, many security professionals find themselves underprepared to deal with these sophisticated threats. The Browser Security Field Manual aims to bridge this gap, offering practical solutions and comprehensive information on the latest tactics, techniques, and procedures (TTPs) being employed by attackers.

Key Contributions from Industry Leaders

The manual brings together voices from high-ranking security professionals and chief information security officers (CISOs) across leading Fortune 500 companies. Contributors include:

• - Rathi Murthy, CTO of Varo Bank, Former CTO of Expedia and Verizon
• - Rahul Kashyap, Former CISO at Arista Networks
• - John Carse, Former CISO at Dyson

These industry leaders share invaluable insights on the critical threat vectors impacting browsers today and expectations for future developments in cyber threats. Their perspectives underscore the necessity of understanding how attackers use these channels to access vital information and systems within organizations.

Focus Areas of the Manual

The Browser Security Field Manual delves deep into five major threat vectors associated with browser attacks:
1. Phishing
2. Malicious Browser Extensions
3. Browser-based Data Loss
4. Identity Attacks
5. Browser-Native Ransomware

Each section explores prevalent to emerging techniques, complete with case studies and sample code snippets to equip practitioners with actionable knowledge. Co-authors Audrey Adeline and Vivek Ramachandran emphasize the importance of preparing security teams for the future landscape of browser security, reiterating that “attackers thrive on information arbitrage.”

Valuable Resource for Security Professionals

The manual not only serves as a practical leader but also positions itself as a pivotal resource for organizations seeking to bolster their cybersecurity defenses effectively. Given that approximately 85% of corporate work occurs within browsers, understanding how employees are targeted is crucial for security teams.

“The insights gathered from discussions with top thought leaders in the industry are invaluable,” says Audrey Adeline, SquareX Researcher and Co-author. She adds, “We hope this manual sheds light on the practical aspects of browser security while offering an industry perspective for real-world challenges.”

Engagement at Black Hat USA 2025

Following a successful soft launch at RSAC, where early copies were shared with CISOs for feedback, SquareX looks forward to engaging more professionals at Black Hat USA 2025. The Browser Security Field Manual will be available at both Black Hat and DEF CON 33 bookstores, where authors will participate in signing events.

Availability

Pre-orders for the manual are open via its official website. Attendees are encouraged to visit SquareX Booth #6825 during the event for deeper insights and discussions on browser security mechanisms, best practices, and threat mitigation tactics.

About SquareX

SquareX stands at the forefront of browser security innovation, offering a unique browser extension that fortifies any web browser on any device. Their pioneering Browser Detection and Response (BDR) solution allows organizations to proactively combat client-side web attacks, ensuring that security measures integrate seamlessly into users' existing workflows without sacrificing experience or productivity.

With this launch, SquareX aims to redefine browser security, granting organizations enhanced visibility and control against a rapidly evolving array of cyber threats.