Latest news with #Cyberhaven


Forbes
30-07-2025
- Forbes
Google Chrome Warning—‘Millions Of Users Have Data Stolen'
Be careful what you install. Google has issued an urgent warning for 2 billion Chrome users. A high-severity memory vulnerability could enable attackers to target users through the websites they visit. This has been fixed and all users should update and restart now.
CVE-2025-8292 is a critical fix, but there's a much more dangerous threat to Chrome users that is hidden from sight. And so while all desktop users must ensure they move to version 138.0.7204.183/.184 of the browser, that's not enough to stay safe. The threat that should worry you more comes from extensions that might appear to be officially verified, but which have been designed or hijacked to attack your device.
'Millions of users have their data stolen,' SquareX's Vivek Ramachandran told me, as the extension-focused security team released its latest threat report. The alarming reality, he says, is that security tools do not have 'visibility into the dynamic behavior of extensions at run time to protect users against the rising threat vector.'
The past few years, SquareX says, 'have witnessed a surge in malicious browser extensions, including the Geco Colorpick, Cyberhaven and the Great Suspender. These malicious extensions exfiltrate data, steal session cookies, spread spyware and even hijack browser sessions of victims.' This includes extensions that were dangerous from the get-go, but also 'benign extensions that turned malicious — either due to a compromise or change in ownership — exploiting trusted extensions with a wide existing installed base.'
'Most enterprises still rely on extension store labels like 'Verified' and 'Chrome Featured' to determine its security,' Ramachandran says. 'This research showed that this approach is extremely flawed as it turns out browser vendors and enterprises do not have sufficient tools to conduct extension analysis.'
This latest extension warning from SquareX echoes prior reports that focus on the hidden threats from extensions now installed by most users without any of the checks and balances applied to the browser itself. In a world of increasing AI threats, including the use of marauding browser AI agents, this is a huge risk.
'The majority of extensions today are downloaded and installed from official stores like Chrome Store,' SquareX says. But store badges 'can be easily gamified by attackers with fake reviews and mass downloads. As a result, numerous Verified and Chrome Featured Extensions have been discovered as malicious, including the latest disclosure.'
Extensions are often given free rein on devices and can operate with a user's credentials, which is a gift to attackers. 'It is important to first understand the 'superpowers' unique to browser extensions,' SquareX warns, including:
All told, while updating and restarting Chrome is critical, it could very well be that the real threat to your browser and the data it accesses is hidden from view and constantly working against you. You really do need to be careful what you install.


Forbes
18-07-2025
- Business
- Forbes
Prospects Want Partners, Not Products, In Enterprise Tech Sales
Harold Bell is the head of integrated marketing and brand at Cyberhaven.
When I was a kid, my dad would often tell me, 'You have two ears and one mouth for a reason—so you can listen more and talk less.' Unfortunately for us both, it took another 25 years for the advice to resonate with me. Ironically enough, I now have a very low tolerance for self-absorbed soliloquies. However, with my career in tech approaching the 15-year milestone, I must admit there is still one area of my life plagued by these majestic monologues: the enterprise sales cycle.
While some account reps routinely join Zoom calls with indifference or stride into meetings like they're auditioning for a Glengarry Glen Ross remake, their prospects are sitting there thinking, 'Great, another vendor who wants to solve a problem I haven't finished explaining.' And when the prospect inevitably becomes another member of the closed-lost club, sellers are left wondering why they were ghosted after what they thought was a spectacular first meeting.
With that said, this article will explore some critical communication barriers that sellers are struggling to overcome, as well as provide tangible solutions that can be used as soon as you're done reading.
The Reality Of Buyer Fatigue
Enterprise technology buyers are exhausted. As noted by Robert Blaisdell, VP Analyst in the Gartner Sales Practice, 'Many B2B buyers feel overwhelmed and frustrated by the outreach they receive from sellers and the seller's organization. Bad prospecting actively damages relationships with potential customers.'
They are mentally drained by the parade of sales reps who show up with prepackaged solutions to problems they've never bothered to truly understand. These buyers have been pitched to death by reps who lead with features, follow with benefits and close with artificial urgency.
The reality is that prospects have built elaborate defense mechanisms against traditional sales approaches because they've learned that most reps are more interested in moving products than moving their business forward.
What buyers actually want is a partner who understands their world well enough to make intelligent recommendations about where technology can make a meaningful impact. They want someone who can connect the dots between their current challenges and future opportunities, not just between their budget and a quota.
This means doing the hard work of understanding their industry dynamics, competitive pressures, regulatory environment and internal politics. It means asking questions that make them think differently about their situation, not just questions designed to qualify them for your product-led pitch deck.
Becoming A Trusted Advisor
The best account reps and sales engineers I've worked with over the years have one thing in common: They're genuinely curious about their prospects' business. Beyond identifying if they have a budget and buying authority, these sellers are curious about what keeps their prospects and customers up at night. They genuinely want to help customers be successful.
When you can speak intelligently about the challenges facing a prospect's industry, share insights from similar deployments or help them think through the second- and third-order implications of their current options—that's when you stop being a vendor and start being an advisor.
This level of insight doesn't come from sales training or battle cards. It comes from reading industry publications, attending conferences, building relationships with subject matter experts and having deep conversations with customers.
Partnership In Practice
The partnership approach requires patience and a longer-term perspective than the traditional transactional model. You might not close the deal in the current quarter, or even the current year (blasphemy, I know).
But when you do close it, it's likely to be bigger, stickier and the first of many with that account.
Partners think in terms of the customer's entire journey, not just the immediate purchase decision. They understand that today's proof of concept could evolve into tomorrow's companywide digital transformation. They're willing to invest time in understanding the customer's road map and positioning themselves to support multiple phases of that journey.
Instead of leading with product demos, they lead with industry insights and thoughtful questions. Instead of pushing for meetings, they earn them by sharing valuable perspectives. Instead of talking about their company's capabilities, they talk about the customer's opportunities.
They invest time in understanding not just what the customer does, but how they do it, why they do it that way and what they wish they could do differently. They map out the customer's ecosystem of partners, competitors and stakeholders. They understand the political dynamics and cultural factors that will influence implementation success.
Most importantly, they position their recommendations in the context of the customer's broader strategic objectives, not just their immediate tactical needs. They help customers think through the full life cycle of their investment and prepare for challenges down the road.
This approach also tends to generate better referrals and references because customers who feel truly partnered with are more likely to evangelize the vendor that put them in a position to win.
How Collaboration Curbs Competition
Considering how increasingly difficult product differentiation is to maintain, the sales relationship becomes a key competitive buffer. Prospects will choose the vendor they trust to be a thoughtful partner over the one with marginally better features or slightly lower prices.
This is especially true in complex enterprise sales where implementation success depends heavily on the vendor's ability to navigate organizational dynamics, integrate with existing systems and adapt to changing requirements. Yes, technical capabilities matter—but so does having the confidence that your vendor has a vested interest in your success. For the account executives, it doesn't mean becoming a consultant. It means approaching each prospect with the curiosity of an investigative journalist, coupled with the strategic thinking of a business partner. Technology buyers of all sizes and industries are ready for this shift. They're tired of being sold to and are eager to create partnerships. If we're honest, nobody wakes up excited about buying your product. But plenty of people wake up excited about solving problems, capturing opportunities and building something meaningful. If you can help them do that, you'll never encounter a shortage of prospects who want to work with you.


Techday NZ
17-07-2025
- Business
- Techday NZ
SquareX unveils field manual to tackle rising browser threats
SquareX has launched "The Browser Security Field Manual", a detailed guide to browser-based cyberattacks, with contributions from chief information security officers (CISOs) of high-profile companies including Arista Networks, Dyson and Expedia.
The manual, authored by cybersecurity specialists Vivek Ramachandran and Audrey Adeline, aims to address what the company describes as a growing risk area for businesses, reflecting the shift of the browser into the central point of user interaction in modern workplaces.
Industry perspectives
The guide not only details the techniques, tactics and procedures (TTPs) leveraged by attackers in the browser but also presents real-world commentary from CISOs such as Rathi Murthy, who serves as Chief Technology Officer at Varo Bank and has previously held leadership positions at Expedia and Verizon, Rahul Kashyap, former CISO at Arista Networks, and John Carse, former CISO at Dyson. This collaborative approach seeks to reflect the evolving strategies adversaries use to exploit browser vulnerabilities and the industry's current understanding and response to these threats.
Responding to browser attacks
SquareX states that browsers have emerged as a primary attack vector, stemming from their role as essential endpoints in enterprise environments. Attacks referenced in the new manual include the Cyberhaven breach, the proliferation of polymorphic extensions, and incidents such as the Midnight Blizzard remote desktop protocol (RDP)-based attack – all of which, according to the company, highlight the need for further awareness and resources in this sphere.
The field manual systematises knowledge about browser threats across five primary vectors: phishing, malicious browser extensions, browser-based data loss, identity attacks, and browser-native ransomware. The book includes sample code and real-world case studies to bring these threats to life for practitioners.
Audrey Adeline, SquareX Researcher and Co-author of The Browser Security Field Manual, said, "Attackers thrive on information arbitrage. As the place where 85% of work happens, it's imperative that security teams understand how their employees are being targeted. We've been extremely fortunate to work closely with some of the industry's top thought leaders, and we hope that this new edition of The Browser Security Field Manual will provide security teams with not only the practical aspect of browser security, but also an industry perspective of how these threat vectors are impacting organizations in real life today and how they may evolve in the future."
The manual is designed for a range of users, from technical practitioners to those responsible for organisational oversight in cybersecurity, and includes perspectives both on day-to-day risks and the anticipated evolution of browser attacks.
Industry collaboration
The current edition builds upon feedback developed during an earlier, limited release at a prior security event, where copies were distributed to hundreds of CISOs for input. SquareX notes that many of these professionals directly contributed their insights, shaping the content to closely align with the operational challenges security teams are currently facing.
The Browser Security Field Manual will be available at official bookstores during Black Hat and DEF CON 33 events, with the authors set to attend book signings at both venues. The publication is also available for pre-order via its dedicated website, allowing broader access to practitioners worldwide.
SquareX's approach to browser security
The company's browser extension is designed to equip organisations with tools to detect and respond to a spectrum of web-based threats, including malicious extensions and browser-native ransomware, aiming to work without interfering with typical user experience or productivity.
SquareX's focus on integrating advanced security features directly into users' browsers is intended to give security professionals increased visibility and control over browser-related risks, a priority as browser-based workflows continue to dominate the enterprise landscape. The newly launched manual is part of SquareX's ongoing efforts to supply the information and resources organisations require to defend against the shifting browser threatscape.


Business Insider
17-07-2025
- Business
- Business Insider
SquareX Collaborates with Top Fortune 500 CISOs to Launch The Browser Security Field Manual at Black Hat
Palo Alto, California, July 17th, 2025, CyberNewsWire
SquareX announced the official launch of The Browser Security Field Manual at Black Hat USA 2025. In addition to a comprehensive practical guide to the latest TTPs attackers are using to target employees in the browser, this comprehensive manual features industry perspectives from leading CISOs from multiple Fortune 500 enterprises and other iconic companies, who share their perspectives on the evolving browser security landscape, the importance of each threat vector, and how they expect these attacks to evolve in the near future.
Major contributors include:
- Rathi Murthy, CTO of Varo Bank, Fmr. CTO of Expedia and Verizon
- Rahul Kashyap, Fmr. CISO at Arista Networks
- John Carse, Fmr. CISO at Dyson
As the browser becomes the new endpoint, it has also become the single most common initial access point attackers use to target employees. This is evident in the recent uptick in browser-based attacks such as the Cyberhaven breach, polymorphic extensions and Midnight Blizzard RDP-based attack. Yet, despite the increasing awareness of the browser security gap, given the nascency of the space, most security professionals lack the resources and tools to learn about this emerging threat landscape.
To address this gap, The Browser Security Field Manual systematically guides practitioners through the techniques attackers are using to target employees in the browser across five major threat vectors - Phishing, Malicious Browser Extensions, Browser-based Data Loss, Identity Attacks and Browser-Native Ransomware. Co-authored by Audrey Adeline and Vivek Ramachandran, the book covers everything from common to bleeding edge techniques, including sample code snippets and case studies of such attacks unfolding in real life.
"Attackers thrive on information arbitrage.
As the place where 85% of work happens, it's imperative that security teams understand how their employees are being targeted," said Audrey Adeline, SquareX Researcher and Co-author of The Browser Security Field Manual. "We've been extremely fortunate to work closely with some of the industry's top thought leaders, and we hope that this new edition of The Browser Security Field Manual will provide security teams with not only the practical aspect of browser security, but also an industry perspective of how these threat vectors are impacting organizations in real life today and how they may evolve in the future."
This release builds on a successful soft launch of the book at RSAC this year, where SquareX shared early copies with hundreds of CISOs for early feedback and worked closely with many of these security leaders to incorporate their deep industry insights into the second edition of the book.
The Browser Security Field Manual will be available at Black Hat and DEF CON 33 bookstores, with the authors participating in both stores' book signing event. The Black Hat book signing event is taking place at the Black Hat bookstore on Thursday August 7 at 3:00pm - 3.30pm. The book is also available for pre-order via The Browser Security Field Manual website. Alternatively, you can find out more about the manual at SquareX Booth #6825 during Black Hat on August 6 from 10am to 6pm or on August 7 from 10am to 4pm.
About SquareX
SquareX's browser extension transforms any browser on any device into an enterprise-grade secure browser. SquareX's industry-first Browser Detection and Response (BDR) solution empowers organizations to proactively detect, mitigate, and threat-hunt client-side web attacks including malicious browser extensions, advanced spearphishing, browser-native ransomware, genAI data loss prevention, and more.
Unlike legacy security approaches and cumbersome enterprise browsers, SquareX seamlessly integrates with users' existing consumer browsers, ensuring enhanced security without compromising user experience or productivity. By delivering unparalleled visibility and control directly within the browser, SquareX enables security leaders to reduce their attack surface, gain actionable intelligence, and strengthen their enterprise cybersecurity posture against the newest threat vector – the browser.


Yahoo
03-04-2025
- Business
- Yahoo
Cyberhaven secures $100m in Series D funding to steer growth
AI-powered data security company Cyberhaven has raised $100m in a Series D funding round to expedite its 'rapid' growth. This investment was spearheaded by StepStone Group with participation from new investors Schroders and Industry Ventures. This latest funding brings Cyberhaven's total investment to $250m, marking a sevenfold increase in its valuation over the past year to $1bn.
The company plans to utilise these funds to enhance its platform through mergers and acquisitions (M&A) and organic innovation. Additionally, Cyberhaven intends to enhance its market reach with 'aggressive' go-to-market strategies to protect sensitive data globally.
Cyberhaven CEO Howard Ting said: 'We are building the data security platform to tackle the most difficult challenges facing enterprise security teams with a fundamentally new approach.
'In today's AI-driven world, data protection must evolve beyond traditional approaches and boundaries. We're giving organisations complete visibility and real-time control over their data, regardless of how it transforms or where it flows.'
The company's data tracing and risk detection capabilities, built on data lineage and AI technologies, help organisations accurately identify and mitigate threats to their critical data. Cyberhaven focuses on data lineage—tracking the origin, movement, and transformation of data across an organisation with a level of scale and precision that sets it apart.
Its platform is powered by the large lineage model, which analyses data movement in real-time. This AI-driven system provides comprehensive visibility into data flows and enables precise threat detection and response as incidents occur.
StepStone Group partner Seyonne Kang said: 'Just as EDR revolutionised endpoint security by focusing on behaviour rather than signatures, Cyberhaven's Data Detection and Response approach is redefining data security by applying AI-based behavioural analysis to data.
'We're excited to partner with this incredible team as they build the future of data protection in a world where data is constantly in motion.'
"Cyberhaven secures $100m in Series D funding to steer growth" was originally created and published by Verdict, a GlobalData owned brand.