SquareX announced the official launch of The Browser Security Field Manual at Black Hat USA 2025. In addition to a comprehensive practical guide to the latest TTPs attackers are using to target employees in the browser, this comprehensive manual features industry perspectives from leading CISOs from multiple Fortune 500 enterprises and other iconic companies, who share their perspectives on the evolving browser security landscape, the importance of each threat vector, and how they expect these attacks to evolve in the near future. Major contributors include:
- Rathi Murthy, CTO of Varo Bank, Fmr. CTO of Expedia and Verizon
- Rahul Kashyap, Fmr. CISO at Arista Networks
- John Carse, Fmr. CISO at Dyson
As the browser becomes the new endpoint, it has also become the single most common initial access point attackers use to target employees. This is evident in the recent uptick in browser-based attacks such as the Cyberhaven breach, polymorphic extensions and Midnight Blizzard RDP-based attack. Yet, despite the increasing awareness of the browser security gap, given the nascency of the space, most security professionals lack the resources and tools to learn about this emerging threat landscape.
To address this gap, The Browser Security Field Manual systematically guides practitioners through the techniques attackers are using to target employees in the browser across five major threat vectors – Phishing, Malicious Browser Extensions, Browser-based Data Loss, Identity Attacks and Browser-Native Ransomware. Co-authored by Audrey Adeline and Vivek Ramachandran, the book covers everything from common to bleeding edge techniques, including sample code snippets and case studies of such attacks unfolding in real life.
“Attackers thrive on information arbitrage. As the place where 85% of work happens, it’s imperative that security teams understand how their employees are being targeted,” said Audrey Adeline, SquareX Researcher and Co-author of The Browser Security Field Manual. “We’ve been extremely fortunate to work closely with some of the industry’s top thought leaders, and we hope that this new edition of The Browser Security Field Manual will provide security teams with not only the practical aspect of browser security, but also an industry perspective of how these threat vectors are impacting organizations in real life today and how they may evolve in the future.”
This release builds on a successful soft launch of the book at RSAC this year, where SquareX shared early copies with hundreds of CISOs for early feedback and worked closely with many of these security leaders to incorporate their deep industry insights into the second edition of the book.
The Browser Security Field Manual will be available at Black Hat and DEF CON 33 bookstores, with the authors participating in both stores’ book signing event. The Black Hat book signing event is taking place at the Black Hat bookstore on Thursday, August 7 at 3:00pm – 3:30pm. The book is also available for pre-order via The Browser Security Field Manual website. Alternatively, you can find out more about the manual at SquareX Booth #6825 during Black Hat on August 6 from 10am to 6pm or on August 7 from 10am to 4pm.
About SquareX
SquareX‘s browser extension transforms any browser on any device into an enterprise-grade secure browser. SquareX’s industry-first Browser Detection and Response (BDR) solution empowers organizations to proactively detect, mitigate, and threat-hunt client-side web attacks including malicious browser extensions, advanced spearphishing, browser-native ransomware, genAI data loss prevention, and more.
Unlike legacy security approaches and cumbersome enterprise browsers, SquareX seamlessly integrates with users’ existing consumer browsers, ensuring enhanced security without compromising user experience or productivity. By delivering unparalleled visibility and control directly within the browser, SquareX enables security leaders to reduce their attack surface, gain actionable intelligence, and strengthen their enterprise cybersecurity posture against the newest threat vector – the browser.
Find out more at www.sqrx.com