Securing the browser session layer to reduce enterprise browser-based phishing and session-layer abuse
Defensive Guidance
Summary
Hide ▲
Show ▼
Enterprise browser-session hardening is being emphasized to reduce browser-based phishing and session-layer abuse across enterprise environments. The guidance targets a control gap where traditional defenses miss activity that happens inside the browser rather than a standalone app. It is aimed at organizations handling email, SaaS, collaboration, AI assistant, financial, and credential-management workflows in-browser.
Related Happenings
Enterprise browser phishing detection gaps leave one in five attacks undetected
Trend
H score29
First: 10.06.2026 18:30
Last: 10.06.2026 18:30
Sources 1
How related:
Published on June 9, Menlo Security's 2026 Browser Threat Report found that one in five phishing attacks which target the enterprise browser users go completely undetected by the tools which are supposed to protect the network and its users from attacks.
About this happening:
Browser-based phishing is leaving **enterprise users** exposed, with **one in five** attacks going completely undetected across **millions of active browser sessions** from **Janu...
Enterprise browser phishing detection gaps leave one in five attacks undetected
TrendHow related: Published on June 9, Menlo Security's 2026 Browser Threat Report found that one in five phishing attacks which target the enterprise browser users go completely undetected by the tools which are supposed to protect the network and its users from attacks.
About this happening: Browser-based phishing is leaving **enterprise users** exposed, with **one in five** attacks going completely undetected across **millions of active browser sessions** from **Janu...
Torg Grabber browser-extension theft activity
Malware Activity
H score21
First: 25.03.2026 20:32
Last: 25.03.2026 20:32
Sources 1
About this happening:
The **Torg Grabber** infostealer is actively stealing data from **850 browser extensions**, including **728 cryptocurrency wallet extensions**, which raises the risk of account ta...
Torg Grabber browser-extension theft activity
Malware ActivityAbout this happening: The **Torg Grabber** infostealer is actively stealing data from **850 browser extensions**, including **728 cryptocurrency wallet extensions**, which raises the risk of account ta...
Matrix Push C2 browser push notification malware delivery
Malware Activity
H score38
First: 21.11.2025 17:45
Last: 21.11.2025 17:45
Sources 1
About this happening:
The **Matrix Push C2** platform is abusing **browser push notifications** to deliver fake alerts and steer victims to **malicious sites**, expanding malware delivery across **Wind...
Matrix Push C2 browser push notification malware delivery
Malware ActivityAbout this happening: The **Matrix Push C2** platform is abusing **browser push notifications** to deliver fake alerts and steer victims to **malicious sites**, expanding malware delivery across **Wind...
Sneaky2FA ecosystem shift changes threat-actor operations
Threat Actor Meta
H score41
First: 19.11.2025 23:59
Last: 19.11.2025 23:59
Sources 1
About this happening:
**Sneaky2FA** has added **browser-in-the-browser (BitB)** lures to its phishing service, increasing its ability to steal **Microsoft credentials** and **active sessions**. The new...
Sneaky2FA ecosystem shift changes threat-actor operations
Threat Actor MetaAbout this happening: **Sneaky2FA** has added **browser-in-the-browser (BitB)** lures to its phishing service, increasing its ability to steal **Microsoft credentials** and **active sessions**. The new...
Sneaky 2FA BitB phishing activity
Malware Activity
H score15
First: 18.11.2025 20:31
Last: 18.11.2025 20:31
Sources 1
About this happening:
The **Sneaky 2FA** phishing kit has added **Browser-in-the-Browser (BitB)** pop-ups, making **credential theft** and **Microsoft account** takeover easier at scale. Attack chains...
Sneaky 2FA BitB phishing activity
Malware ActivityAbout this happening: The **Sneaky 2FA** phishing kit has added **Browser-in-the-Browser (BitB)** pop-ups, making **credential theft** and **Microsoft account** takeover easier at scale. Attack chains...
Timeline
-
10.06.2026 18:30 2 articles · 2h ago
Menlo Security urges securing the browser session layer against enterprise phishing
Initial DisclosureMenlo Security warns that traditional enterprise security tools are missing phishing and social-engineering activity happening inside browser sessions, including attacks that exploit user interactions such as CAPTCHAs, Cloudflare verification screens, and ClickFix-style command pasting. The company says organizations need to pay more attention to securing the browser session layer because legacy URL filtering and other defenses were not built to operate there, while one in five phishing attacks targeting enterprise browser users went completely undetected in the telemetry set.
Show sources
- Cybersecurity Software Fails to Detect Fifth of Brower-Based Phishing Attacks — www.infosecurity-magazine.com — 10.06.2026 18:30
- Cybersecurity Software Fails to Detect Fifth of Brower-Based Phishing Attacks — www.infosecurity-magazine.com — 10.06.2026 18:30