
SquareX unveils field manual to tackle rising browser threats
SquareX has launched "The Browser Security Field Manual", a detailed guide to browser-based cyberattacks, with contributions from chief information security officers (CISOs) of high-profile companies including Arista Networks, Dyson and Expedia.
The manual, authored by cybersecurity specialists Vivek Ramachandran and Audrey Adeline, aims to address what the company describes as a growing risk area for businesses, reflecting the shift of the browser into the central point of user interaction in modern workplaces.
Industry perspectives
The guide not only details the techniques, tactics and procedures (TTPs) leveraged by attackers in the browser but also presents real-world commentary from CISOs such as Rathi Murthy, who serves as Chief Technology Officer at Varo Bank and has previously held leadership positions at Expedia and Verizon; Rahul Kashyap, former CISO at Arista Networks; and John Carse, former CISO at Dyson.
This collaborative approach seeks to reflect the evolving strategies adversaries use to exploit browser vulnerabilities and the industry's current understanding and response to these threats.
Responding to browser attacks
SquareX states that browsers have emerged as a primary attack vector, stemming from their role as essential endpoints in enterprise environments. Attacks referenced in the new manual include the Cyberhaven breach, the proliferation of polymorphic extensions, and incidents such as the Midnight Blizzard remote desktop protocol (RDP)-based attack – all of which, according to the company, highlight the need for further awareness and resources in this sphere.
The field manual systematises knowledge about browser threats across five primary vectors: phishing, malicious browser extensions, browser-based data loss, identity attacks, and browser-native ransomware. The book includes sample code and real-world case studies to bring these threats to life for practitioners.
Audrey Adeline, SquareX Researcher and Co-author of The Browser Security Field Manual, said:
"Attackers thrive on information arbitrage. As the place where 85% of work happens, it's imperative that security teams understand how their employees are being targeted. We've been extremely fortunate to work closely with some of the industry's top thought leaders, and we hope that this new edition of The Browser Security Field Manual will provide security teams with not only the practical aspect of browser security, but also an industry perspective of how these threat vectors are impacting organizations in real life today and how they may evolve in the future."
The manual is designed for a range of users, from technical practitioners to those responsible for organisational oversight in cybersecurity, and includes perspectives both on day-to-day risks and the anticipated evolution of browser attacks.
Industry collaboration
The current edition builds upon feedback developed during an earlier, limited release at a prior security event, where copies were distributed to hundreds of CISOs for input. SquareX notes that many of these professionals directly contributed their insights, shaping the content to closely align with the operational challenges security teams are currently facing.
The Browser Security Field Manual will be available at official bookstores during Black Hat and DEF CON 33 events, with the authors set to attend book signings at both venues. The publication is also available for pre-order via its dedicated website, allowing broader access to practitioners worldwide.
SquareX's approach to browser security
The company's browser extension is designed to equip organisations with tools to detect and respond to a spectrum of web-based threats, including malicious extensions and browser-native ransomware, aiming to work without interfering with typical user experience or productivity.
SquareX's focus on integrating advanced security features directly into users' browsers is intended to give security professionals increased visibility and control over browser-related risks, a priority as browser-based workflows continue to dominate the enterprise landscape.
The newly launched manual is part of SquareX's ongoing efforts to supply the information and resources organisations require to defend against the shifting browser threatscape.