SquareX Highlights SWG Vulnerability; Palo Alto Networks Responds to Research Findings

Speedy Summary

• SquareX discovered and disclosed Last mile Reassembly (LMR) attacks at DEF CON 32 in 2024, which exploit Secure Web Gateway (SWG) architectural limitations to bypass security and smuggle malware into browsers.
• Palo alto Networks recently became the first major SASE/SSE vendor to publicly acknowledge SWGs’ inability to defend against LMR attacks. They noted that “the browser is becoming the new operating system for enterprises” and called for browser-native security solutions.
• Attacks include techniques such as chunking malware into pieces or using unmonitored dialog channels like WebRTC and gRPC, with over 20 known methods identified by SquareX’s research team.
• SquareX expanded its research scope through initiatives like “The Year of Browser Bugs,” discovering critical vulnerabilities impacting browsers, including issues with passkeys and malicious extensions impersonating crypto wallets/password managers.
• Browser-native security solutions are being increasingly emphasized as essential for mitigating cutting-edge threats in enterprise settings by researchers at SquareX.

Read More

Indian Opinion Analysis
The public acknowledgment of Last Mile Reassembly attacks by a important cybersecurity player such as Palo Alto Networks signals a pivotal shift toward redefining corporate cybersecurity strategies globally, including India’s rapidly evolving IT landscape.With Indian enterprises heavily relying on cloud-based applications facilitated through browsers, this development points to critical vulnerabilities within existing proxy-driven architectures like swgs.

For india-where digital transformation drives economic innovation-the prioritization of browser-native security measures could mitigate risks posed by novel attack vectors targeting sensitive trade data or government systems reliant on web applications. In addition, raising awareness within India’s cybersecurity community about research breakthroughs like those from SquareX can set higher national standards for threat mitigation frameworks.

This evolution underscores an urgent call-to-action: investment in advanced defense platforms integrating proactive detection layers tailored specifically for modern browsers must match India’s growing cyberspace activity volume-an echo heard worldwide but especially relevant given India’s scale of digitization efforts.

Read More