Palo Alto, CA, 2025-08-16 — /EPR Network/ — SquareX, the leading browser security company, will be disclosing multiple key research findings at Black Hat USA and DEF CON 33, 2025 this August. Through multiple talks, the researchers will be revealing critical architectural vulnerabilities in passkey authentication systems, enterprise DLP and browser extensions.



At Black Hat USA, SquareX Founder Vivek Ramachandran will present “Browser-Native Security in a Browser First World.” The talk addresses how enterprises defend against browser-based threats when employees now spend 80% of their device time in browsers. Vivek will reveal the latest TTPs attackers are using to bypass existing security technologies like SASE, EDR, and endpoint DLP.

At the DEF CON 33 mainstage, Shourya Pratap Singh, Jonathan Lin and Daniel Seetoh will reveal a new technique for subverting passkey authentication in the talk “Passkeys Pwned: Turning WebAuthn Against Itself.” Over the past three years, passkeys have gained widespread adoption among major vendors like Apple, Google, and Microsoft, aiming to replace passwords with a more secure authentication method. Despite passkeys being positioned as the future of secure authentication, our research demonstrates that passkeys remain vulnerable to sophisticated attacks.



At Recon Village, Nishant Sharma and Shourya Pratap Singh will present “Plug and Prey: Scanning and Scoring Browser Extensions,” introducing ExtHuntr, an open-source tool that scans for installed browser extensions, analyzes their permissions and behavior, generates risk scores, and gives defenders the visibility they need.



SquareX’s Head of Security Research Nishant Sharma will also conduct a two-hour workshop titled “Serverless but Not Defenseless: A Security Deep Dive into Cloud Run” at Cloud Village, equipping attendees with a practical guide to securely deploy and manage services on Cloud Run using DevSecOps principles and more.

Also at Black Hat USA, SquareX’s Audrey Adeline will participate in “The Trailblazer’s Guide to Cybersecurity,” discussing the experiences of first-generation technology professionals in cybersecurity and sharing more about the official launch of The Browser Security Field Manual, a book written in collaboration with top Fortune 500 and leading tech company CISOs on the latest techniques attackers are using to target employees in the browser.



“Over the past year, we have been releasing bleeding edge research on architectural browser vulnerabilities as part of the Year of Browser Bugs project. We believe that deeply understanding the attacker mindset is the only way to defend against the newest threat vectors, and we believe that it is critical to share these findings at industry leading conferences like Black Hat and DEF CON,” said Vivek Ramachandran, Founder of SquareX. “This year’s research demonstrates critical gaps that traditional security solutions simply cannot address – everything from passkey to browser extension vulnerabilities. We will also be sharing multiple open source browser-native security tools that enterprises need to plug the browser security gap.”

SquareX Upcoming Talks:

Black Hat:

Black Hat – Talk (Mandalay Bay L) | Browser-Native Security in a Browser First World | Vivek Ramachandran | Wednesday, August 6 | 12:00pm-12:20pm

Black Hat – Briefings (Community Lounge, Business Hall) | Cybersecurity Trailblazer Discussion | Audrey Adeline | Wednesday, August 6 | 11:00am-11:40am

DEF CON 33:

DEF CON 33 – Mainstage Talk (L1 – EHW3 – Track 3) | Passkeys Pwned: Turning WebAuthn Against Itself | Shourya Pratap Singh, Jonathan Lin and Daniel Seetoh | Sunday, August 10 | 11:30am-12.15pm

DEF CON 33 – RECON Village | Talk: Plug and Prey: Scanning and Scoring Browser Extensions | Shourya Pratap Singh and Nishant Sharma | Saturday, August 9 | 2:20pm-3:05pm

DEF CON 33 – Cloud Village | Workshop: Serverless but Not Defenseless: A Security Deep Dive into Cloud Run | Nishant Sharma | Saturday, August 9 | 11.00am-1.00pm

DEF CON 33 – Demo Labs (Room 208) | Session 1: Copycat: Identity Stealer Extension | SquareX Researchers | Friday, August 8 | 12pm-12.45pm

DEF CON 33 – Demo Labs (Room 210) | Session 1: Angry Magpie: DLP Bypass Simulator | SquareX Researchers | Friday, August 8 | 3.00pm-3.45pm

DEF CON 33 – Demo Labs (Room 212) | Session 2: Angry Magpie: DLP Bypass Simulator | SquareX Researchers | Saturday, August 9 | 9.00am-9.45am

DEF CON 33 – Demo Labs (Room 209) | Session 2: Copycat: Identity Stealer Extension | SquareX Researchers | Saturday, August 9 | 11.00am-11.45am



About SquareX:



SquareX’s browser extension turns any browser on any device into an enterprise-grade secure browser. SquareX’s industry-first Browser Detection and Response (BDR) solution empowers organizations to proactively detect, mitigate, and threat-hunt client-side web attacks including malicious browser extensions, advanced spearphishing, browser-native ransomware, genAI DLP, and more.



Unlike legacy security approaches and cumbersome enterprise browsers, SquareX seamlessly integrates with users’ existing consumer browsers, ensuring enhanced security without compromising user experience or productivity. By delivering unparalleled visibility and control directly within the browser, SquareX enables security leaders to reduce their attack surface, gain actionable intelligence, and strengthen their enterprise cybersecurity posture against the newest threat vector – the browser.



Find out more at www.sqrx.com