Blog

Roy Paz Published - April 28, 2026

CursorJacking: Every Cursor User Is Vulnerable to API Key Theft by Rogue Extensions

Cursor doesn’t store API keys in protected storage, meaning any extension can access them. Cursor knew about this vulnerability but didn’t fix it. Executive Summary LayerX security researchers have found that any extension of the popular AI development tool Cursor can access the developer’s API keys and session tokens, leading to full credential compromise, with […]

Learn More
CursorJacking: Every Cursor User Is Vulnerable to API Key Theft by Rogue Extensions
Home Blog
Extension Developers Sell The Data of At Least 6.5 Million Users – And It’s All Completely Legal
Uncategorized

Extension Developers Sell The Data of At Least 6.5 Million Users – And It’s All Completely Legal

This isn’t a story about malware. Nobody hacked you. Nobody stole anything. The extensions you’re running right now may be selling your browsing data — and they told you they would. It’s right there in the privacy policy. Page 4. Paragraph 7. The one nobody reads.

Dar Kahllon & Guy Erez - April 04, 2026 Read more
StealTok: 130k Users Compromised by Data Stealing TikTok Video “Downloaders”
LayerX Labs

StealTok: 130k Users Compromised by Data Stealing TikTok Video “Downloaders”

  LayerX security researchers have uncovered a campaign of at least 12 interrelated browser extensions that masquerade as TikTok video downloaders but in reality track user activity and collect data. The extensions share a common codebase and are all clones or lightly modified versions of each other, indicating that this is a long-standing and persistent […]

Natalie Zargarov - April 04, 2026 Read more
The AI Tool in Your Browser Is Probably the Biggest Security Risk You’re Not Thinking About
Company News

The AI Tool in Your Browser Is Probably the Biggest Security Risk You’re Not Thinking About

  There’s a good chance that right now, as you read this, you have somewhere between three and fifteen browser extensions installed. A grammar checker. A password manager. Maybe a couple of AI assistants. You installed most of them quickly, clicked “Add to Chrome,” and never thought about them again. That’s exactly the problem. We […]

Or Eshed - April 04, 2026 Read more
Vibe Hacking: Claude Code Can Be Turned Into A Nation-State-Level Attack Tool With No Coding At All
LayerX Labs

Vibe Hacking: Claude Code Can Be Turned Into A Nation-State-Level Attack Tool With No Coding At All

  LayerX researchers have found how Claude Code can be turned from a ‘vibe’ coding tool into a nation-state-level offensive hacking tool that can be used to hack websites, launch cyberattacks, and research new vulnerabilities. Our research demonstrates how trivially easy it is to convince Claude Code to abandon its safety guardrails and remove its […]

Roy Paz - April 04, 2026 Read more
Generative AI Has Rewritten the Rules of Security; Here’s How LayerX and Intel Are Meeting the Moment
Executive Viewpoint

Generative AI Has Rewritten the Rules of Security; Here’s How LayerX and Intel Are Meeting the Moment

Generative AI hasn’t just changed how we work, but also how attackers operate, how data moves, and what security teams need to defend against. The same technology that makes employees more productive is creating entirely new attack surfaces, and the tools we used to rely on simply weren’t built for this world. Traditional DLP solutions […]

Or Eshed - March 03, 2026 Read more
Poisoned Typeface: How Simple Font Rendering Poisons Every AI Assistant, And Only Microsoft Cares
LayerX Labs

Poisoned Typeface: How Simple Font Rendering Poisons Every AI Assistant, And Only Microsoft Cares

Executive Summary: LayerX researchers have discovered how a simple custom font can compromise every AI system in the market. With nothing more than a custom font and simple CSS, we created a webpage where the browser renders instructions that would lead the user to execute a reverse shell, while the DOM text analyzed by AI […]

Roy Paz - March 03, 2026 Read more
A New Governance Layer at the Moment of Interaction: The RFP Guide for Evaluating AI Usage Control Solutions
Company News

A New Governance Layer at the Moment of Interaction: The RFP Guide for Evaluating AI Usage Control Solutions

  As AI becomes embedded across browsers, SaaS platforms, extensions, copilots, and emerging agentic workflows, organizations require a new governance layer that operates at the moment of interaction. That requirement changes what “good” looks like in AI governance. Vendor evaluation needs to move past broad promises and focus on concrete, comparable criteria across discovery, contextual […]

Or Eshed - March 03, 2026 Read more
Any Extension Can Be Weaponized To Install Malware on Target Hosts
LayerX Labs

Any Extension Can Be Weaponized To Install Malware on Target Hosts

Executive Summary: Invisible Threats Can Easily Turn a Chrome Extension into a Host-Level RCE Since they were introduced, browser extensions have been treated as lightweight productivity tools — harmless add-ons that live somewhere between bookmarks and settings. They are installed casually, updated silently, and rarely scrutinized once they become part of a user’s daily workflow. […]

Iyar Segev - March 03, 2026 Read more
LayerX Announces The First Dedicated Solution for Agentic Browser Protection
Company News

LayerX Announces The First Dedicated Solution for Agentic Browser Protection

LayerX is proud to introduce a first-of-its-kind security capability built specifically for the next evolution of the browser: LayerX Agentic Browser Protection Meet LayerX Agentic Browser Protection Enabling the Future of AI Browsing — Safely Browsers are no longer just windows to the web. They’ve quietly become the primary interface for AI. Today, most AI […]

Or Eshed - February 02, 2026 Read more
“AiFrame”- Fake AI Assistant Extensions Targeting 260,000 Chrome Users via injected iframes
Company News

“AiFrame”- Fake AI Assistant Extensions Targeting 260,000 Chrome Users via injected iframes

Contributors: Dar Kahllon As generative AI tools like ChatGPT, Claude, Gemini, and Grok become part of everyday workflows, attackers are increasingly exploiting their popularity to distribute malicious browser extensions. In this research, we uncovered a coordinated campaign of Chrome extensions posing as AI assistants for summarization, chat, writing, and Gmail assistance. While these tools appear […]

Natalie Zargarov - February 02, 2026 Read more
Claude Desktop Extensions Exposes Over 10,000 Users to Remote Code Execution Vulnerability
Company News

Claude Desktop Extensions Exposes Over 10,000 Users to Remote Code Execution Vulnerability

  Summary: LayerX discovered a zero-click remote code execution (RCE) vulnerability in Claude Desktop Extensions (DXT), in which a single Google Calendar event can silently compromise a system running Claude Desktop Extensions. The flaw impacts more than 10,000 active users and 50 DXT extensions.  Unlike traditional browser extensions, Claude Desktop Extensions run unsandboxed with full […]

Roy Paz - February 02, 2026 Read more
How We Discovered A Campaign of 16 Malicious Extensions Built to Steal ChatGPT Accounts
Company News

How We Discovered A Campaign of 16 Malicious Extensions Built to Steal ChatGPT Accounts

LayerX Research identified a coordinated set of Chrome browser extensions marketed as ChatGPT enhancement and productivity tools. In practice, however, these extensions are meant to steal users’ ChatGPT identities. The campaign consists of at least 16 distinct extensions developed by the same threat actor, in order to reach as wide a distribution as possible. This […]

Natalie Zargarov - January 01, 2026 Read more
Browser Extensions Gone Rogue: The Full Scope of the GhostPoster Campaign
Company News

Browser Extensions Gone Rogue: The Full Scope of the GhostPoster Campaign

  Last month, researchers at Koi Security published a detailed analysis of a malicious Firefox extension they dubbed GhostPoster – a browser-based malware leveraging an uncommon and stealthy payload delivery method: steganography within a PNG icon file. This innovative approach allowed the malware to evade traditional extension security reviews and static analysis tools. Following their […]

Natalie Zargarov - January 01, 2026 Read more
Silent Takeover: How Purchased Chrome Extensions Became Remote-Controlled Webpage Manipulation Tools
Company News

Silent Takeover: How Purchased Chrome Extensions Became Remote-Controlled Webpage Manipulation Tools

  Executive Summary Our investigation uncovered a coordinated campaign in which multiple Chrome extensions—initially benign and serving unrelated purposes—were transformed into remotely controlled content-injection tools. Although the extensions appeared harmless and requested no special permissions, each was modified to periodically download a configuration file from an attacker-controlled domain. These dynamic rules allowed the extensions to […]

Natalie Zargarov - December 12, 2025 Read more
Introducing the Tactics & Techniques Matrix for Malicious Browser Extensions
Company News

Introducing the Tactics & Techniques Matrix for Malicious Browser Extensions

  Most of us rely on browser extensions every day, often without thinking about it. They make online work faster and easier by saving passwords, blocking ads, translating text, managing notes, or connecting our favorite-web apps together. For many organizations, extensions have also become a practical replacement for traditional desktop software. As endpoint malware grew […]

Natalie Zargarov - December 12, 2025 Read more
RolyPoly VPN: The Malicious “Free” VPN Extension That Keeps Coming Back
Company News

RolyPoly VPN: The Malicious “Free” VPN Extension That Keeps Coming Back

  Executive Summary  Security researchers at LayerX Security have uncovered a campaign involving malicious VPN and ad-blocking extensions designed to steal sensitive user data. The campaign is persistent in its attempts to resurface, even after it has been taken down previously (more than once). While the extensions part of this reincarnated campaign have 31,000 live […]

Natalie Zargarov - November 11, 2025 Read more
Why The Browser Has Become the Enterprise’s Most Overlooked Endpoint
Company News

Why The Browser Has Become the Enterprise’s Most Overlooked Endpoint

  Most enterprise work now happens in the browser. Employees launch SaaS apps, invoke GenAI tools, paste in prompts, install extensions and authenticate identities, all happen in the browser. And yet, despite being the centerpiece of modern productivity, the browser remains largely outside the visibility of traditional security stacks like DLP, EDR, and SSE.  That […]

Or Eshed - November 11, 2025 Read more
“ChatGPT Tainted Memories:” LayerX Discovers The First Vulnerability in OpenAI Atlas Browser, Allowing Injection of Malicious Instructions into ChatGPT
Company News

“ChatGPT Tainted Memories:” LayerX Discovers The First Vulnerability in OpenAI Atlas Browser, Allowing Injection of Malicious Instructions into ChatGPT

  LayerX discovered the first vulnerability impacting OpenAI’s new ChatGPT Atlas browser, allowing bad actors to inject malicious instructions into ChatGPT’s “memory” and execute remote code. This exploit can allow attackers to infect systems with malicious code, grant themselves access privileges, or deploy malware. The vulnerability affects ChatGPT users on any browser, but it is […]

Roy Paz - October 10, 2025 Read more
LayerX Leads the Way (Again): First to Secure OpenAI’s New Atlas AI Browser
Company News

LayerX Leads the Way (Again): First to Secure OpenAI’s New Atlas AI Browser

LayerX Security has once again set the standard for innovation in enterprise browser security. Today, we’re proud to announce that LayerX is the first enterprise browser security platform to support OpenAI’s newly launched agentic browser, Atlas. This milestone reinforces our leadership in securing the next generation of AI-powered browsing, where artificial intelligence and enterprise security […]

Or Eshed - October 10, 2025 Read more
AI Is Now the #1 Data Exfiltration Vector in the Enterprise And Nobody’s Watching
Executive Viewpoint

AI Is Now the #1 Data Exfiltration Vector in the Enterprise And Nobody’s Watching

AI technology went from an experimental toy to a workplace staple in under three years. That much we all knew. What nobody expected was how fast it would surpass traditional SaaS categories not only in adoption, but in risk. Our new Enterprise AI and SaaS Data Security Report 2025, based on real-world browsing telemetry from […]

Or Eshed - October 10, 2025 Read more
Is Perplexity Comet Safe? LayerX Finds a Prompt Injection Attack Vector
LayerX Labs

Is Perplexity Comet Safe? LayerX Finds a Prompt Injection Attack Vector

Executive summary New research by LayerX shows how a single weaponized URL, without any malicious page content, is enough to let an attacker steal any sensitive data that has been exposed in the Comet browser.  For example, if the user asked Comet to rewrite an email or schedule an appointment, the email content and meeting […]

Aviad Gispan - October 10, 2025 Read more
LayerX Finds that Perplexity’s Comet Browser is Up To 85% More Vulnerable to Phishing and Web Attacks Than Chrome
Company News

LayerX Finds that Perplexity’s Comet Browser is Up To 85% More Vulnerable to Phishing and Web Attacks Than Chrome

New research by LayerX shows that new AI browsers, and particularly Perplexity’s Comet browser and Genspark, exhibit alarmingly low success rates in blocking even poorly crafted and obviously malicious phishing websites.  These findings, based on research by LayerX security researcher Paloma Perlov, are crucial as they expose a new and expanding threat surface of AI […]

Michelle Warburg - September 09, 2025 Read more
Francis Odum on the One Layer Your Security Stack Still Misses
Company News

Francis Odum on the One Layer Your Security Stack Still Misses

95% of organizations report browser-based attacks. Most don’t have a plan to stop them. That’s not a throwaway stat. It’s a signal that security strategies are misaligned with where the work, and the risk, actually happen. Today, the browser is where data moves. Where decisions happen. Where attackers hide. So why do most security stacks […]

Or Eshed - August 08, 2025 Read more
LayerX is the Only Secure Enterprise Browser Company to Be Named in the AI Usage Control Category
Company News

LayerX is the Only Secure Enterprise Browser Company to Be Named in the AI Usage Control Category

We’re proud to share that LayerX has been recognized as a Representative Vendor in not one, but two pivotal Gartner categories: Secure Enterprise Browsers and AI Usage Control. This recognition, published across five separate 2025 Gartner Hype Cycle reports, underscores something we’ve known all along: securing the browser is the only scalable way to protect […]

Or Eshed - August 08, 2025 Read more
Top 5 GenAI Tools Vulnerable to Man-in-the-Prompt Attack, Billions Could Be Affected
Company News

Top 5 GenAI Tools Vulnerable to Man-in-the-Prompt Attack, Billions Could Be Affected

A New Vector for Prompt Injection Attacks That Threatens Both Commercial and Internal AI Tools LayerX researchers have identified a new class of exploit that directly targets these tools through a previously overlooked vector: the browser extension. This means that practically any user or organization that have browser extensions installed on their browsers (as 99% […]

Aviad Gispan - July 07, 2025 Read more
LayerX Joins Forces with Google Chrome Enterprise to Stop Malicious Browser Extensions
Company News

LayerX Joins Forces with Google Chrome Enterprise to Stop Malicious Browser Extensions

We’ve always believed that the browser is the new workspace. And as work increasingly happens inside the browser, it’s no surprise that securing it has become mission-critical. That’s why we’re thrilled to share some big news: LayerX is now officially collaborating with Google Chrome Enterprise to deliver a new level of visibility and control over […]

Or Eshed - July 07, 2025 Read more
LayerX Becomes First Browsing Security Company to Support New AI Browsers
Company News

LayerX Becomes First Browsing Security Company to Support New AI Browsers

LayerX has added support for Perplexity’s Comet browser and for Dia, to support new AI-native user workflows and enable AI productivity while maintaining data security. AI is redefining how we work. That’s not a prediction—it’s happening right now. Your team isn’t just using AI tools like ChatGPT, Gemini, and Copilot. They’re living in them. From […]

Or Eshed - July 07, 2025 Read more
What Happens In The Browser Stays In The Browser, Or Does It…
Company News

What Happens In The Browser Stays In The Browser, Or Does It…

LayerX Is Headed To Vegas: Here’s Where to Find Us During Cybersecurity’s Busiest Week Black Hat USA. BSides Las Vegas. DEF CON 33 This August, Vegas becomes the epicenter of cybersecurity, and LayerX will be right in the heart of it. From hands-on workshops to identity risk insights to a one-of-a-kind culinary adventure through Chinatown, […]

Or Eshed - July 07, 2025 Read more
Beyond CASB: A Browser-Centric Approach to SaaS Security
Executive Viewpoint

Beyond CASB: A Browser-Centric Approach to SaaS Security

  The rapid adoption of Software-as-a-Service (SaaS) applications has fundamentally transformed the enterprise landscape. With organizations now utilizing an average of 371 SaaS apps—a 32% increase since 2021—these tools have become indispensable for streamlining workflows and enhancing productivity. However, this surge in SaaS usage has also introduced a complex web of security risks, ranging from […]

Or Eshed - June 06, 2025 Read more
Sleeper Sound: LayerX Uncovers Malicious “Sleeper” Sound Management Extensions with Nearly 1.5 Million Users Worldwide
Executive Viewpoint

Sleeper Sound: LayerX Uncovers Malicious “Sleeper” Sound Management Extensions with Nearly 1.5 Million Users Worldwide

  LayerX has unearthed network of malicious “sleeper agent” extensions that appear to serve as infrastructure for future malicious activity, currently installed on nearly 1.5 million users worldwide.   LayerX has discovered a network of browser extensions that appear to serve as ‘sleeper agents’ for future malicious activity. The extensions appear to have all been […]

Or Eshed - June 06, 2025 Read more
The Cost of Convenience: Inside the Scandal That Exposed Messaging Apps as a New Security Frontier
Executive Viewpoint

The Cost of Convenience: Inside the Scandal That Exposed Messaging Apps as a New Security Frontier

  In a tech world obsessed with growth, innovation, and speed, few stories hit as hard as the unfolding battle between two of the industry’s most prominent competitors: Rippling and Deel. Both are high-flying HR tech unicorns, shaping the future of global workforce management and payroll. But beneath their polished pitches and billion-dollar valuations, a […]

Or Eshed - May 05, 2025 Read more
What Coinbase Got Wrong—And How You Can Get It Right
Executive Viewpoint

What Coinbase Got Wrong—And How You Can Get It Right

  Let’s be honest, when most people think of a “cyberattack,” they picture hoodie-clad hackers hammering away at firewalls from some dark basement. But reality? It’s much less cinematic and a lot more dangerous. The truth is, sometimes the threat is already logged in. That’s what makes insider threats so devastating. They don’t break down […]

Or Eshed - May 05, 2025 Read more
Introducing ExtensionPedia: Your Ultimate Resource to Assess and Mitigate Browser Extension Risks
LayerX Labs

Introducing ExtensionPedia: Your Ultimate Resource to Assess and Mitigate Browser Extension Risks

LayerX is proud to announce the launch of ExtensionPedia, the Browser Extension Risk Database and Knowledge Center, for immediate general availability! Browser extensions significantly enhance productivity, streamline workflows, and personalize user experiences. Yet, beneath their convenience lies a hidden threat—malicious extensions posing serious risks to identity security, data privacy, and organizational integrity. The Hidden Risks […]

Or Eshed - May 05, 2025 Read more
LayerX Reveals 40+ Malicious Browser Extensions
LayerX Labs

LayerX Reveals 40+ Malicious Browser Extensions

LayerX has identified over 40 malicious browser extensions that are part of three distinct phishing campaigns. The initial detection of this campaign was done by the DomainTools Intelligence (DTI) team, who identified a list of suspicious domains that were communicating with browser extensions masquerading as legitimate brands. However, while the research by DTI provided a […]

Michelle Warburg - May 05, 2025 Read more
Introducing Full Conversation Tracking: The Next Step in GenAI Data Protection
LayerX Labs

Introducing Full Conversation Tracking: The Next Step in GenAI Data Protection

GenAI Security – Or Insecurity – Is In Your Hands GenAI tools like ChatGPT, Gemini, and Copilot are hot topics among employees. Their adoption is growing among the enterprise employees, as expected, while the software developers are of the highest consumers of GenAI, with almost 40% and sales and marketing professionals are just after with […]

Michelle Warburg - May 05, 2025 Read more
Scaling a Smarter, Safer Browser Future
Company News

Scaling a Smarter, Safer Browser Future

The enterprise browser is no longer just a portal to the web, it’s the nerve center of modern work. Recognizing this shift, LayerX set out to rethink how enterprises secure the place where work actually happens. Today we’re excited to share a major milestone on our journey: LayerX has extended its Series A funding by […]

Or Eshed - April 04, 2025 Read more
Gartner: The Browser is the new Security Control Point for the SaaS Age
Executive Viewpoint

Gartner: The Browser is the new Security Control Point for the SaaS Age

Secure Enterprise Browsers (SEBs) and browser extensions aren’t just add-ons, they’re critical for addressing security gaps that traditional EDR and network solutions miss. Gartner’s latest report makes it clear: if your security stack isn’t focused on the browser, you’re leaving the door wide open. In today’s enterprise environment, securing the browser isn’t optional, it’s fundamental. […]

Or Eshed - April 04, 2025 Read more
Copy, Paste, Escape: The growing risk of fileless data movement and risk in browsers
LayerX Labs

Copy, Paste, Escape: The growing risk of fileless data movement and risk in browsers

In the modern corporate environment, web browsers have become indispensable tools for daily operations. Recent studies indicate that the average employee spends over 85% of their workday using a browser. This heavy reliance on browsers, while enhancing productivity, also introduces significant security challenges, particularly concerning fileless data movement. As security and DLP experts face daily […]

Michelle Warburg - March 03, 2025 Read more
LayerX Labs Identifies New Phishing Campaign Targeted at Mac Users
LayerX Labs

LayerX Labs Identifies New Phishing Campaign Targeted at Mac Users

A new phishing attack campaign, targeting Mac users and identified by LayerX Labs, shows the trials and tribulations of combating online phishing, and how attacks morph and shift in response to adaptations by security tools. For the past few months, LayerX has been monitoring a sophisticated phishing campaign that initially targeted Windows users by masquerading […]

Or Eshed - March 03, 2025 Read more
The Enterprise GenAI Data Security Report 2025: How Enterprises Consume GenAI Tools
LayerX Labs

The Enterprise GenAI Data Security Report 2025: How Enterprises Consume GenAI Tools

GenAI has become an essential component in the employee toolkit. Yet, going beyond bombastic headlines such as these, actual quantitative data about how AI applications are being used remains surprisingly scarce. At LayerX, our enterprise browser extension provides us with visibility into users’ activities in the browser, where GenAI application usage takes place. We can […]

Or Eshed - March 03, 2025 Read more
Attack Campaign Targeting Browser Extensions: What Happened, Who’s Impacted, How to Protect Yourself, and How LayerX Can Help (Rolling Updates)
LayerX Labs

Attack Campaign Targeting Browser Extensions: What Happened, Who’s Impacted, How to Protect Yourself, and How LayerX Can Help (Rolling Updates)

Last updated: December 30th, 2024 This blog thread is tracking the unfolding global attack campaign targeting browser extensions on the Chrome Web Store. We will update new details as they become available. Summary On December 27, 2024, cybersecurity startup Cyberhaven disclosed that an attack has compromised its browser extension and injected malicious code into it. […]

Or Eshed - December 12, 2024 Read more
How a Simple DocuSign Email Could Have Cost Us Everything: A Close Call with Phishing
LayerX Labs

How a Simple DocuSign Email Could Have Cost Us Everything: A Close Call with Phishing

During the past few weeks, LayerX Labs identified a phishing campaign that impersonates legitimate DocuSign emails, attempting to trick victims into revealing sensitive information. Here’s what happened, and how LayerX prevented a potential security disaster. It started like any other Monday morning. Sarah, a senior account manager (a fictional character for illustration purposes), was going […]

Or Eshed - November 11, 2024 Read more
LayerX Labs Identifies New AI Attack Vector: GPT Masquerading Attacks
LayerX Labs

LayerX Labs Identifies New AI Attack Vector: GPT Masquerading Attacks

LayerX Labs has identified a novel attack vector for malicious actors to try and extract sensitive data from unsuspecting users: GPT Masquareding Attacks.  In this attack, hackers impersonate legitimate GPTs hosted on OpenAI’s ChatGPT platform in order to lure users to fake versions of those GPTs and send the data that users share with the […]

Or Eshed - October 10, 2024 Read more
LayerX Labs Identifies New Zero-Hour Phishing Attack Mimicking Microsoft Security Notifications
LayerX Labs

LayerX Labs Identifies New Zero-Hour Phishing Attack Mimicking Microsoft Security Notifications

LayerX Labs identified a new zero-day phishing campaign that impersonates Microsoft security notifications to lure victims into sharing their login credentials and payment details.  The attack mimics a Microsoft Windows Defender security alert, urging users to call a hotline number, enter their credentials, and provide payment to the call center to ‘secure’ their computer.  This […]

Or Eshed - October 10, 2024 Read more
Security Best Practices in the Aftermath of the Snowflake Data Breach
Executive Viewpoint

Security Best Practices in the Aftermath of the Snowflake Data Breach

Data warehousing giant Snowflake disclosed on May 23, 2024, that they experienced a data breach affecting at least 165 of its customers. Since Snowflake’s customers are industry giants such as LiveNation and Santander Bank, this incident is already shaping up to be one of the most significant data breaches in history. Snowflake has not yet […]

Or Eshed - July 07, 2024 Read more
The TLS Paradox: How Traffic Encryption Is Actually Leaving You Exposed
Executive Viewpoint

The TLS Paradox: How Traffic Encryption Is Actually Leaving You Exposed

Web traffic encryption (AKA SSL, TLS, HTTPS) has long been the norm for most web services, particularly so for corporate SaaS applications such as Salesforce, Microsoft Outlook 365, and Skype. To help protect this traffic from eavesdropping and potential sensitive data exposure, end-to-end encryption is a critical and effective security measure for reducing risk. Organizations, […]

Or Eshed - June 06, 2024 Read more
What is Shadow IT?
Executive Viewpoint

What is Shadow IT?

Shadow IT is the phenomenon of employees using IT systems, devices, software, applications, and services within an organization without explicit approval from the IT department. Employees usually choose this path when the available IT solutions provided by their organization do not meet their needs, are too cumbersome, or are perceived as inefficient. As a result, […]

Or Eshed - January 01, 2024 Read more
LayerX Now Available in the Microsoft Azure Marketplace
Company News

LayerX Now Available in the Microsoft Azure Marketplace

Microsoft Azure customers worldwide now gain access to LayerX to take advantage of the scalability, reliability, and agility of Azure to drive application development and shape business strategies. LayerX Security, a leading provider of enterprise browser security solutions, today announced the availability of its browser security extension LayerX in the Microsoft Azure Marketplace, an online […]

Or Eshed - January 01, 2024 Read more
What is URL Filtering?
Executive Viewpoint

What is URL Filtering?

URL filtering is the security process for blocking or allowing access to specific websites based on their URLs. The primary objective is to prevent users from accessing content that is deemed inappropriate, harmful, or not related to their tasks. This widely popular Internet usage policy is often implemented in various environments, from workplaces to educational […]

Or Eshed - January 01, 2024 Read more
Malicious Browser Extensions: Threats and Security Solutions
Executive Viewpoint

Malicious Browser Extensions: Threats and Security Solutions

In 2019, a network of browser extensions, primarily for Chrome, was revealed to have been scraping sensitive data from as many as four million users. The scraped data included PII, browsing history, medical information, and more. The data was then monetized through a commercialization scheme. This breach became known as the DataSpii incident, and it […]

Or Eshed - December 12, 2023 Read more
BYOD Alternatives for Your Enterprise
Executive Viewpoint

BYOD Alternatives for Your Enterprise

BYOD (Bring Your Own Device) has become a popular strategy for many enterprises, aiming to blend the convenience of personal devices with professional requirements. But is BYOD able to live up to its promise for increased flexibility and heightened productivity? In reality, BYOD introduces serious cybersecurity challenges. This is not to say BYOD shouldn’t be […]

Or Eshed - December 12, 2023 Read more
The Importance of a DLP Solution for Your Enterprise
Executive Viewpoint

The Importance of a DLP Solution for Your Enterprise

Data Loss Prevention (DLP) solutions help enterprises protect sensitive information from unauthorized access or exfiltration. For example, ensuring that intellectual property, personal information, financial records, and health records, are not lost, misused, or accessed by unauthorized individuals. As such, DLPs are a key solution in the organization’s cybersecurity strategy and stack. This blog post dives […]

Or Eshed - December 12, 2023 Read more
The Future of Enterprise Browsers
Executive Viewpoint

The Future of Enterprise Browsers

With businesses shifting to cloud-based services and remote or hybrid work becoming ubiquitous, the web browser has become the central hub of enterprise productivity. As such, it also requires dedicated security controls. Enterprise browsers and extensions are the security solutions that protect against web-borne threats and risks that exploit the browser. In this blog post, […]

Or Eshed - November 11, 2023 Read more
Virtual Desktop Infrastructure Alternatives you Should Consider
Executive Viewpoint

Virtual Desktop Infrastructure Alternatives you Should Consider

Virtual Desktop Infrastructure Alternatives you Should Consider Virtual Desktop Infrastructure (VDI) is a remote connectivity technology that operates by hosting a user’s desktop environment on a remote server/virtual machine. This makes the desktop accessible from any device with an internet connection. With VDIs, organizations get flexibility for remote work, since VDIs free employees from having […]

Or Eshed - October 10, 2023 Read more
Shadow IT in the Hybrid Work Era
Executive Viewpoint

Shadow IT in the Hybrid Work Era

Globalization and cloudification have enabled the adoption of remote and hybrid work models. This new workstyle provides businesses and employees with unprecedented flexibility, access to a global talent pool, and the ability to expand to new markets, among several other benefits. However, it has also driven a new risky practice: Shadow IT. “Shadow IT” is […]

Or Eshed - October 10, 2023 Read more
Secure Browsing Practices For Your Business
Executive Viewpoint

Secure Browsing Practices For Your Business

Enterprise Security Secure Web Browsing

In recent years, the browser has become the core working interface. However, web-borne cyber attacks and data breaches can compromise sensitive data, disrupt business operations, and even lead to financial losses. IT teams are responsible for implementing robust cybersecurity practices controls that protect against malware, ransomware, phishing attacks, pasting sensitive data into ChatGPT, and other […]

Or Eshed - September 09, 2023 Read more
Taming the Wild Web with Browser Security: A CISO’s Perspective
Executive Viewpoint

Taming the Wild Web with Browser Security: A CISO’s Perspective

The browser security industry is rapidly gaining prominence and capturing significant attention in the cybersecurity landscape. A number of browser security companies have been established as an answer to the market’s demand for securing the most popular organizational workspace. Without browser security solutions, CISOs are left to trust cloud security solutions, which were designed to […]

Ira Winkler - July 07, 2023 Read more
Malicious Chrome Extensions You Should Remove from Your Browser
Executive Viewpoint

Malicious Chrome Extensions You Should Remove from Your Browser

Secure Web Browsing

Chrome extensions are small software programs that can be added to the Google Chrome web browser to enhance its functionality and customize their browsing experience. They are typically developed by third-party developers and can be found in the Chrome Web Store. But while Chrome extensions offer numerous benefits, they can also pose potential vulnerabilities to […]

Or Eshed - July 07, 2023 Read more
Why are Security Leaders Moving from Browser Isolation to Browser Security Extension Solutions?
Executive Viewpoint

Why are Security Leaders Moving from Browser Isolation to Browser Security Extension Solutions?

DLP Secure Web Browsing

More and more security decision makers have come to realize that the browser is the ultimate frontline against multiple cyber threats. This insight has led them to add Browser Isolation solutions to their security stacks. However, we have lately witnessed an increasing trend of security professionals who are moving away from these solutions and towards […]

Or Eshed - July 07, 2023 Read more
How to Detect and Protect Your Business from Phishing Attacks
Executive Viewpoint

How to Detect and Protect Your Business from Phishing Attacks

DLP

In recent years, businesses have witnessed a concerning rise in phishing attacks. According to the Verizon DBIR 2023, phishing is one of three primary ways in which attackers access an organization. These deceptive tactics exploit human vulnerabilities, tricking employees into revealing sensitive information or granting unauthorized access to cybercriminals. As a result, they pose a […]

Or Eshed - July 07, 2023 Read more
New Research: How Risky is GenAI Data Exposure Risk?
Executive Viewpoint

New Research: How Risky is GenAI Data Exposure Risk?

Generative AI Secure Web Browsing

As an industry leader in browser security, we are committed to shedding light on the risks associated with revolutionary technologies, like GenAI tools. Our latest research, “Revealing the True GenAI Data Exposure Risk”, provides critical insights into the scope and nature of these risks. Specifically, we examine the troubling risk of data exfiltration through GenAI. […]

Or Eshed - June 06, 2023 Read more
Cyber Security Risks of ChatGPT and Generative AI Tools
Executive Viewpoint

Cyber Security Risks of ChatGPT and Generative AI Tools

Enterprise Security

Generative AI tools like ChatGPT are taking the world by storm. Like any new technology, CISOs need to find a way to embrace the opportunities while protecting the organization from generative AI and ChatGPT risks. Let’s explore the opportunities and security best practices in this article. What is Generative AI? Generative AI is a type […]

Or Eshed - May 05, 2023 Read more
2023 Browser Security Survey Report: Key Findings
Executive Viewpoint

2023 Browser Security Survey Report: Key Findings

Enterprise Security Secure Web Browsing

As the adoption of SaaS continues to soar, the browser has become the key work interface in today’s corporate world. However, this heavy reliance on browsers also exposes organizations to a range of cybersecurity threats and operational risks they need to protect against. To gain insights into how CISOs are managing these security challenges, we […]

Or Eshed - May 05, 2023 Read more
The Importance of Browser Security in Financial Companies
Executive Viewpoint

The Importance of Browser Security in Financial Companies

Enterprise Security

Financial firms have not been exempt from the spur in cybersecurity attacks. According to the 2022 Verizon DBIR report, “The Financial sector continues to be victimized by financially motivated organized crime, often via the actions of Social (Phishing), Hacking (Use of stolen credentials) and Malware (Ransomware).” Therefore, to protect and secure customer data and meet […]

Or Eshed - May 05, 2023 Read more
Protecting Your Company’s Data Crown Jewels: How to Solve ChatGPT Security Risks with LayerX Browser Security Platform
Executive Viewpoint

Protecting Your Company’s Data Crown Jewels: How to Solve ChatGPT Security Risks with LayerX Browser Security Platform

Enterprise Security

With ChatGPT being 1.16 billion users strong, it has become an inseparable part of many people’s lives. This significant user base requires security and IT teams to find and implement a solution in their stack that can protect the organization from its potential security vulnerabilities.  This is not a hypothetical risk; numerous reports of potential […]

Or Eshed - May 05, 2023 Read more
Malicious iPhone application distributed using sophisticated desktop malvertising campaign
LayerX Labs

Malicious iPhone application distributed using sophisticated desktop malvertising campaign

Secure Web Browsing

In the last few years, both attackers and defenders have increased their capabilities in the infinite cat-and-mouse game. Attackers have scaled their phishing operations for stealing credentials and identities. Defenders have adopted a zero trust security approach in which users often use their mobile devices to authenticate into their desktop applications. The chase goes on. […]

Or Eshed - April 04, 2023 Read more
The Dark Side of Enterprise Browsers: Fact-Checking 6 of Their Claims
Executive Viewpoint

The Dark Side of Enterprise Browsers: Fact-Checking 6 of Their Claims

Enterprise Security Secure Web Browsing

In 2022 there was tremendous hype around browser security and enterprise browsers. But while they claim to provide “enterprise grade security”, enterprise browsers are actually far from perfect. In fact, they have some critical downsides. What are they and what’s the alternative? In this blog I will distinguish between browser security and enterprise browsers, address […]

Or Eshed - March 03, 2023 Read more
2023 Browser Security Annual Report Reveals Emerging Browsing Risks and Blind Spots that Security Teams Must Address
Executive Viewpoint

2023 Browser Security Annual Report Reveals Emerging Browsing Risks and Blind Spots that Security Teams Must Address

Secure Web Browsing

As we spend more time online, the security of our browsers has become increasingly important. Our browsers are the gatekeepers to the vast amount of information available on the internet, and protecting them from threats is crucial to keeping organizations’ data safe. In the “2023 Browser Security Annual Report” (download the full report here), we […]

Or Eshed - March 03, 2023 Read more
Top 5 Browsers – How Secure Are They for Your Business?
Executive Viewpoint

Top 5 Browsers – How Secure Are They for Your Business?

Secure Web Browsing

New year, new cyber threats. Experts predict that consumer data will be at high risk this year, and attackers are likely to get it through attacks on large corporations and financial institutions, among others. As you assess your security going into 2023, you’ll want to make sure all the bases are covered, including browser security. […]

Or Eshed - January 01, 2023 Read more
Reputation-based Security is Not Working. What Now?
Executive Viewpoint

Reputation-based Security is Not Working. What Now?

DLP Secure Web Browsing

In the past couple of years, we have witnessed unprecedented growth in cyber attacks originating from the web: phishing schemes, social engineering, malware sites and other malicious attacks. One of the main security services offered on the market nowadays for user protection against these threats is reputation-based URL filters. Reputation-based security services determine the security […]

Or Eshed - January 01, 2023 Read more
Mitigate the LastPass Attack Surface in your Environment with the LayerX Free Tool
Executive Viewpoint

Mitigate the LastPass Attack Surface in your Environment with the LayerX Free Tool

Secure Web Browsing

The latest breach announced by LastPass is a major cause for concern to security stakeholders. As often occurs, we are at a security limbo – on one hand, as LastPass has noted, users followed LastPass best practices would practically be exposed to zero to extremely low risk. However, saying that password best practices are not […]

Or Eshed - December 12, 2022 Read more
The Rise of Phishing and How to Protect Your Organization From Advanced Attacks
Executive Viewpoint

The Rise of Phishing and How to Protect Your Organization From Advanced Attacks

DLP Secure Web Browsing

What is Phishing? Phishing is a type of cybersecurity attack in which malicious actors disguise themselves as a trusted person, website or other entity and interact directly with the victim through messages. The bad actors use these messages to obtain sensitive information or deploy malicious software on the victim’s infrastructure. In an organization, once a phishing […]

Or Eshed - December 12, 2022 Read more
Browser Isolation Out; Browser Security In
Executive Viewpoint

Browser Isolation Out; Browser Security In

Enterprise Security Secure Web Browsing

With 80% of web attacks being browser-borne, organizations are constantly exposed to various attacks when employees use their browser. These include drive-by downloads, malvertising, malicious code injection, cross site scripting and many others. As a result, organizations are constantly searching for effective ways to protect against web-borne  risks, threats and attacks. Some organizations turn to […]

Or Eshed - November 11, 2022 Read more
Why We Built LayerX: Picking Up Where Legacy Browser Security Fails
Company News

Why We Built LayerX: Picking Up Where Legacy Browser Security Fails

Enterprise Security Secure Web Browsing

The idea to build a browser security platform has been on my mind for several years. In the last decade, I have seen and experienced the browser security world from both sides of the barricade. First, during my service as an information warfare specialist in the IDF Intelligence directorate, and then in my career as […]

Or Eshed - November 11, 2022 Read more