San Francisco, United States / California, 30th January 2025, CyberNewsWire

**San Francisco, United States / California, January 30th, 2025, CyberNewsWire**

Doppler, the leading provider of secrets management solutions, announced a new integration with Datadog, a cloud application monitoring and security platform. This collaboration provides engineering and operations teams with an integrated solution for securely managing sensitive credentials and gaining insights into cloud environments through real-time monitoring.

In an era of rapid cloud adoption, DevOps and security teams face mounting challenges in safeguarding sensitive data across distributed systems. By combining Doppler’s automated secrets management capabilities with Datadog’s comprehensive monitoring platform, this integration enables teams to enhance their security practices while maintaining operational visibility. Doppler’s automated secrets storage and rotation, paired with Datadog’s continuous monitoring, empowers teams to mitigate risks of secret sprawl and prevent unauthorized access in a scalable, automated fashion.

**Streamlining security and visibility across cloud environments**

Many DevOps teams need help maintaining consistent security practices as secrets are often scattered across environments, increasing the risk of misconfigurations. The Doppler integration with Datadog addresses this issue head-on by creating a centralized workflow for managing secrets and monitoring activity across all environments. With Datadog’s alerts and Doppler’s automated security measures, teams can detect and respond to suspicious activity, helping to ensure security and compliance.

> “We are thrilled to integrate with Datadog to combine our secrets management capabilities with their monitoring platform,” said Brian Vallelunga, CEO and Founder of Doppler. “This integration simplifies security for developers and gives organizations the ability to manage secrets at scale, gaining visibility and control over sensitive information across the entire cloud environment. Together, we’re helping teams protect their data while allowing them to stay focused on building great software.”

**How the Doppler-Datadog Integration Solves Key Security Challenges**

*   **Automated secrets management**: Doppler’s platform automates the rotation, storage, and encryption of secrets, minimizing the risk of human error and unauthorized access.
*   **Real-time monitoring and alerts**: Datadog’s continuous monitoring enables teams to track secret usage, receive alerts for suspicious access, and respond quickly to any anomalies.
*   **Security across hybrid environments**: This integration unifies secrets management and monitoring, providing consistency in security practices across hybrid and multi-cloud setups.

**Centralized deployment for DevOps and Security teams**

The integration allows teams to centralize secrets management in Doppler while benefiting from Datadog’s secret usage observability. This provides a simplified solution for both managing and monitoring sensitive information. This approach enhances security without disrupting workflows, helping organizations to meet compliance requirements, reduce risk, and modernize their operations.

**Availability**

The integration is available now. For more information on how this integration can improve users’ security posture and improve secrets management, users can visit the Datadog Integration Documentation.

**About Doppler**

Doppler is a leader in secrets management, providing a centralized, secure solution that automates handling sensitive information such as API keys, tokens, and credentials. Thousands of development teams worldwide trust Doppler to simplify secrets management, improve operational efficiency, and prevent data breaches.

**Contact**

**Doppler Press**  
**\[email protected\]**

Doppler announces integration with Datadog to streamline security and monitoring

Whether by intercepting its traffic or just giving it a little nudge, GitHub's AI assistant can be made to do malicious things it isn't supposed to.

Source: Mykhailo Polenok via Alamy Stock Photo

Researchers have discovered two new ways to manipulate GitHub's artificial intelligence (AI) coding assistant, Copilot, enabling the ability to bypass security restrictions and subscription fees, train malicious models, and more.

The first trick involves embedding chat interactions inside of Copilot code, taking advantage of the AI's instinct to be helpful in order to get it to produce malicious outputs. The second method focuses on rerouting Copilot through a proxy server in order to communicate directly with the OpenAI models it integrates with.

Researchers from Apex deem these issues vulnerabilities. GitHub disagrees, characterizing them as "off-topic chat responses," and an "abuse issue," respectively. In response to an inquiry from Dark Reading, GitHub wrote, "We continue to improve on safety measures in place to prevent harmful and offensive outputs as part of our responsible AI development. Furthermore, we continue to invest in opportunities to prevent abuse, such as the one described in Issue 2, to ensure the intended use of our products."

**Jailbreaking GitHub Copilot**

"Copilot tries as best as it can to help you write code, \[including\] everything you write inside a code file," Fufu Shpigelman, vulnerability researcher at Apex explains. "But in a code file, you can also write a conversation between a user and an assistant."

In the screenshot below, for example, a developer embeds within their code a chatbot prompt, from the perspective of an end user. The prompt carries ill intent, asking Copilot to write a keylogger. In response, Copilot suggests a safe output denying the request:

Source: Apex

The developer, however, is in full control over this environment. They can simply delete Copilot's autocomplete response, and replace it with a malicious one.

Or, better yet, they can influence Copilot with a simple nudge. As Shpigelman notes, "It's designed to complete meaningful sentences. So if I delete the sentence 'Sorry, I can't assist with that,' and replace it with the word 'Sure,' it tries to think of how to complete a sentence that starts with the word 'Sure.' And then it helps you with your malicious activity as much as you want." In other words, getting Copilot to write a keylogger in this context is as simple as gaslighting it into thinking it wants to.

Source: Apex

A developer could use this trick to generate malware, or malicious outputs of other kinds, like instructions on how to engineer a bioweapon. Or, perhaps, they could use Copilot to embed these sorts of malicious behaviors into their own chatbot, then distribute it to the public.

**Breaking Out of Copilot Using a Proxy**

To generate novel coding suggestions, or process a response to a prompt — for example, a request to write a keylogger — Copilot engages help from cloud-based large language models (LLM) like Claude, Google Gemini, or OpenAI models, via those models' application programming interfaces (APIs).

The second scheme Apex researchers came up with allowed them to plant themselves in the middle of this engagement. First they modified Copilot's configuration, adjusting its "github.copilot.advanced.debug.overrideProxyUrl" setting to redirect traffic through their own proxy server. Then, when they asked Copilot to generate code suggestions, their server intercepted the requests it generated, capturing the token Copilot uses to authenticate with OpenAI. With the necessary credential in hand, they were able to access OpenAI's models without any limits or restrictions, and without having to pay for the privilege.

And this token isn't the only juicy item they found in transit. "When Copilot \[engages with\] the server, it sends its system prompt, along with your prompt, and also the history of prompts and responses it sent before," Shpigelman explains. Putting aside the privacy risk that comes with exposing a long history of prompts, this data contains ample opportunity to abuse how Copilot was designed to work.

A "system prompt" is a set of instructions that defines the character of an AI — its constraints, what kinds of responses it should generate, etc. Copilot's system prompt, for example, is designed to block various ways it might otherwise be used maliciously. But by intercepting it en route to an LLM API, Shpigelman claims, "I can change the system prompt, so I won't have to try so hard later to manipulate it. I can just \[modify\] the system prompt to give me harmful content, or even talk about something that is not related to code."

For Tomer Avni, co-founder and CPO of Apex, the lesson in both of these Copilot weaknesses "is not that GitHub isn't trying to provide guardrails. But there is something about the nature of an LLM, that it can always be manipulated no matter how many guardrails you're implementing. And that's why we believe there needs to be an independent security layer on top of it that looks for these vulnerabilities."

**About the Author**

Nate Nelson is a writer based in New York City. He formerly worked as a reporter at Threatpost, and wrote "Malicious Life," an award-winning Top 20 tech podcast on Apple and Spotify. Outside of Dark Reading, he also co-hosts "The Industrial Security Podcast."

New Jailbreaks Allow Users to Manipulate GitHub Copilot

DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed.

**Exploitability Metrics**

Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.

Attack Complexity: This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A vulnerability exploitable without a target-specific variable has a lower complexity than a vulnerability that would require non-trivial customization. This metric is meant to capture security mechanisms utilized by the vulnerable system.

Attack Requirements: This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack. These differ from security-enhancing techniques/technologies (ref Attack Complexity) as the primary purpose of these conditions is not to explicitly mitigate attacks, but rather, emerge naturally as a consequence of the deployment and execution of the vulnerable system.

Privileges Required: This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

User interaction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.

**Vulnerable System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the VULNERABLE SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the VULNERABLE SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the VULNERABLE SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

**Subsequent System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the SUBSEQUENT SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the SUBSEQUENT SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the SUBSEQUENT SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

GHSA-mm49-4f2g-c3wf: DevDojo Voyager vulnerable to reflected Cross-site Scripting

DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass.

GHSA-j63m-2vr6-fv7m: DevDojo Voyager vulnerable to path traversal

A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. 
The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action.

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

GHSA-fcrw-mphx-7cxf: Wildfly Server Role Based Access Control (RBAC) provider has Improper Access Control

The rate of evolution has been glacial, but tools now understand cloud environments and can target Web applications.

Alex Haynes, Chief Information Security Officer, IBS Software

January 30, 2025

4 Min Read

Source: Rancz Andrei via Alamy Stock Photo

COMMENTARY

When automated pen-testing tools appeared a few years ago they prompted an interesting question: How close are they to replacing human pen testers? While the short answer was "not that close — yet," they definitely had potential and were worth keeping an eye on.

As I've just had the chance to review the latest iteration of these tools, it's interesting to see how they've evolved and how close are they now are to replacing the human pen tester for offensive security work.

When I test an automated pen tester, I compare it with a human one, in terms of speed, capability, and capacity, as well as output (i.e., the resulting report). The big problems earlier automated pen testers suffered from included:

*   Difficulty exploiting or seeing certain things that are obvious to human pen testers, including taking advantage of vulnerabilities that have publicly released exploits
    
*   Did not understand Web applications, at all 
    
*   Could only be used from "inside" the network; they couldn't pen test from the outside (mainly due to the aforementioned ignorance of Web applications)
    

**How Have Automated Pen Testers Changed Since Then?**

New pen testers finally understand Web applications — hooray! They can attack them both from inside and outside the perimeter. This is a welcome development, but they still have teething issues. Due to a very mature market in Web application scanners they would need to be able to both detect vulnerabilities with a low false positive ratio and be able to exploit them to pivot to other assets.

Unfortunately, they don't do this well enough to be distinctive in their own right — they'll find vulnerabilities that are obvious enough, but on a vulnerable box weren't able to detect even blatant SQLi or validate potential XSS vulnerabilities to weed out false positives. There are flashes of brilliance, however. An internal Web endpoint had a file upload vulnerability that was previously undetected by any other tool (this wasn't even found by human pen testers), but overall, it's underwhelming. Today's offerings in Web application scanners will do much better than this.

The second big improvement is cloud environments. As most pen testers will tell you, navigating an on-premises Active Directory-based environment is markedly different from pivoting in a native Amazon Web Services (AWS) environment, as the assets and the exploits you will use are completely different. Privilege escalation now relies on leveraging poorly configured cloud assets to abuse an identity and access management (IAM) role or grab some AWS keys to go further. Naturally, you'll also find the traditional vulnerabilities that include unpatched machines and misconfigured ports and services. Here, again, automated pen-testing tools have evolved, and can navigate and understand these environments. This puts them on par with CNAPP-type offerings, since they aren't bound by the traditional VM- or IP-bound asset.

As the cloud is a relatively new sphere for these tools, they can struggle. Unless they are given an assumed role, they won't find much at all. What's worse, they will flag the fact that they've assumed an IAM role a vulnerability itself — this would be like giving pen testers local admin abilities so they can begin a pen test and them pointing out your security is bad because you've just given them local admin.

Automated pen testers also struggle to enumerate their own network when they are given access — machines that are obviously on the same virtual private cloud (VPC) or virtual LAN (VLAN) will be ignored or scanned haphazardly. This is better than some automated pen testing tools that still don't even work in cloud environments unless they can reach an Active Directory machine. 

**Automated Pen Testers' Advantages**

All of the other advantages you'd expect from these tools remain, however. They can run through an iteration of a pen test quickly — in a matter of hours if you wish (this is configurable). The reports they produce are top-notch and comparable to any report a human pen tester would produce. If you were to hand this to a qualified security assessor (QSA), they would have a hard time distinguishing the difference.

Naturally, due to their automated nature, you can propagate these on huge environments and repeat them on a daily basis if you wish. This is where automated pen testers leave humans in the dust — no company can repeat daily pen tests on large environments, even with significant budgets, nor would the human team be able to complete it in this time and write up a report with verifiable actions to make it meaningful enough. (Keep one thing in mind: These tools aren't cheap.)

Overall, it's good to see these tools evolve. The rate of change is glacial, but they now understand cloud environments and can target Web applications, though they are still temperamental, costly, and miss a few things. One could argue humans are the same. For now, however, humans maintain the advantage — but they aren't mutually exclusive. Just like crowdsourced security and traditional pen testing, automated pen testing is now another tool that can be layered onto your offensive security testing, where it can help you find the exploits that matter to your organization.

**About the Author**

Chief Information Security Officer, IBS Software

Alex Haynes is a former pen tester with a background in offensive security and is credited for discovering vulnerabilities in products by Microsoft, Adobe, Pinterest, Amazon Web Services and IBM. He is a former top 10 ranked researcher on Bugcrowd and a member of the Synack Red Team. He is currently CISO at IBS Software. Alex has contributed to United States Cyber Security Magazine, Cyber Defense Magazine, Infosecurity Magazine, and IAPP tech blog. He also has spoken at security conferences including OWASP and ISC Security Summits.

Automated Pen Testing Is Improving — Slowly

Palo Alto, USA, 30th January 2025, CyberNewsWire

**SquareX discloses a new attack technique that shows how malicious extensions can be used to completely hijack the browser, and eventually, the whole device.**

**PALO ALTO, Calif., Jan. 30, 2025** — Browser extensions have been under the spotlight in enterprise security news recently due to the wave of OAuth attacks on Chrome extension developers and data exfiltration attacks. However, until now, due to the limitations browser vendors place on the extension subsystem and extensions, it was thought to be impossible for extensions to gain full control of the browser, much less the device.

SquareX researchers Dakshitaa Babu, Arpit Gupta, Sunkugari Tejeswara Reddy and Pankaj Sharma debunked this belief by demonstrating how attackers can use malicious extensions to escalate privileges to conduct a full browser and device takeover, all with minimal user interaction. Critically, the malicious extension only requires read/write capabilities present in the majority of browser extensions on the Chrome Store, including common productivity tools like Grammarly, Calendly and Loom, desensitizing users from granting these permissions. This revelation suggests that virtually any browser extension could potentially serve as an attack vector if created or taken over by an attacker. To the best of our understanding, extensions submitted to the Chrome Store requesting these capabilities are not put through additional security scrutiny at the time of this writing.

The browser syncjacking attack can be broken up into three parts: how the extension silently adds a profile managed by the attacker, hijacks the browser and eventually gains full control of the device.

**Profile Hijacking**

The attack begins with an employee installing any browser extension – this could involve publishing one that masquerades as an AI tool or taking over existing popular extensions that may have up to millions of installations in aggregate. The extension then “silently” authenticates the victim into a Chrome profile managed by the attacker’s Google Workspace. This is all done in an automated manner in a background window, making the whole process almost imperceptible to the victim. Once this authentication occurs, the attacker has full control over the newly managed profile in the victim’s browser, allowing them to push automated policies such as disabling safe browsing and other security features.

Using a very clever social engineering attack that exploits trusted domains, the adversary can then further escalate the profile hijacking attack to steal passwords from the victim’s browser. For example, the malicious extension can open and modify Google’s official support page on how to sync user accounts to prompt the victim to perform the sync with just a few clicks. Once the profile is synced, attackers have full access to all credentials and browsing history stored locally. As this attack only leverages legitimate sites and has no visible sign that it has been modified by the extension, it will not trigger any alarm bells in any security solutions monitoring the network traffic.

**Browser Takeover**

To achieve a full browser takeover, the attacker essentially needs to convert the victim’s Chrome browser into a managed browser. The same extension monitors and intercepts a legitimate download, such as a Zoom update, and replaces it with the attacker’s executable, which contains an enrollment token and registry entry to turn the victim’s Chrome browser into a managed browser. Thinking that they downloaded a Zoom updater, the victim executes the file, which ends up installing a registry entry that instructs the browser to become managed by the attacker’s Google Workspace. This allows the attacker to gain full control over the victim’s browser to disable security features, install additional malicious extensions, exfiltrate data and even silently redirect users to phishing sites. This attack is extremely potent as there is no visual difference between a managed and unmanaged browser. For a regular user, there is no telltale sign that a privilege escalation has occurred unless the victim is highly security aware and goes out of their way to regularly inspect their browser settings and look for associations with an unfamiliar Google Workspace account.

**Device Hijacking**

With the same downloaded file above, the attacker can additionally insert registry entries required for the malicious extension to message native apps. This allows the extension to directly interact with local apps without further authentication. Once the connection is established, attackers can use the extension in conjunction with the local shell and other available native applications to secretly turn on the device camera, capture audio, record screens and install malicious software – essentially providing full access to all applications and confidential data on the device.

The browser syncjacking attack exposes a fundamental flaw in the way remote-managed profiles and browsers are managed. Today, anyone can create a managed workspace account tied to a new domain and a browser extension without any form of identity verification, making it impossible to attribute these attacks. Unfortunately, most enterprises currently have zero visibility into the browser – most do not have managed browsers or profiles, nor any visibility to the extensions employees are installing often based on trending tools and social media recommendations.

What makes this attack particularly dangerous is that it operates with minimal permissions and nearly no user interaction, requiring only a subtle social engineering step using trusted websites – making it almost impossible for employees to detect. While recent incidents like the Cyberhaven breach have already compromised hundreds, if not thousands of organizations, those attacks required relatively complex social engineering to operate. The devastatingly subtle nature of this attack – with an extremely low threshold of user interaction – not only makes this attack extremely potent, but also sheds light on the terrifying possibility that adversaries are already using this technique to compromise enterprises today.

Unless an organization chooses to completely block browser extensions via managed browsers, the browser syncjacking attack will completely bypass existing blacklists and permissions-based policies. SquareX’s founder Vivek Ramachandran says “This research exposes a critical blind spot in enterprise security. Traditional security tools simply can’t see or stop these sophisticated browser-based attacks. What makes this discovery particularly alarming is how it weaponizes seemingly innocent browser extensions into complete device takeover tools, all while flying under the radar of conventional security measures like EDRs and SASE/SSE Secure Web Gateways. A Browser Detection-Response solution isn’t just an option anymore – it’s a necessity. Without visibility and control at the browser level, organizations are essentially leaving their front door wide open to attackers. This attack technique demonstrates why security needs to ‘shift up’ to where the threats are actually happening: in the browser itself.”

SquareX has been conducting pioneering security research on browser extensions, including the DEF CON 32 talk Sneaky Extensions: The MV3 Escape Artists that revealed multiple MV3 compliant malicious extensions. This research team was also the first to discover and disclose the OAuth attack on Chrome extension developers one week before the Cyberhaven breach. SquareX was also responsible for the discovery of Last Mile Reassembly attacks, a new class of client-side attacks that exploits architectural flaws and completely bypasses all Secure Web Gateway solutions. Based on this research, SquareX’s industry-first Browser Detection and Response solution protects enterprises against advanced extension-based attacks including device hijacking attempts by conducting dynamic analysis on all browser extension activity at runtime, providing a risk score to all active extensions across the enterprise and further identifying any attacks that they may be vulnerable to.

For more information about the browser syncjacking attack, additional findings from this research are available at **sqrx.com/research**.

**About SquareX**

SquareX helps organizations detect, mitigate and threat-hunt client-side web attacks happening against their users in real time.

SquareX’s industry-first Browser Detection and Response (BDR) solution, takes an attack-focused approach to browser security, ensuring enterprise users are protected against advanced threats like malicious QR Codes, Browser-in-the-Browser phishing, macro-based malware and other web attacks encompassing malicious files, websites, scripts, and compromised networks.

Additionally, with SquareX, enterprises can provide contractors and remote workers with secure access to internal applications, enterprise SaaS, and convert the browsers on BYOD / unmanaged devices into trusted browsing sessions.

**Contact**

**Head of PR**  
**Junice Liew**  
**SquareX**  
**\[email protected\]**

SquareX Unveils “Browser Syncjacking” Attack Granting Full Browser and Device Control

**Palo Alto, USA, January 30th, 2025, CyberNewsWire**

SquareX discloses a new attack technique that shows how malicious extensions can be used to completely hijack the browser, and eventually, the whole device.

**PALO ALTO, Calif., Jan. 30, 2025** — Browser extensions have been under the spotlight in enterprise security news recently due to the wave of OAuth attacks on Chrome extension developers and data exfiltration attacks. However, until now, due to the limitations browser vendors place on the extension subsystem and extensions, it was thought to be impossible for extensions to gain full control of the browser, much less the device.

SquareX researchers Dakshitaa Babu, Arpit Gupta, Sunkugari Tejeswara Reddy and Pankaj Sharma debunked this belief by demonstrating how attackers can use malicious extensions to escalate privileges to conduct a full browser and device takeover, all with minimal user interaction. Critically, the malicious extension only requires read/write capabilities present in the majority of browser extensions on the Chrome Store, including common productivity tools like Grammarly, Calendly and Loom, desensitizing users from granting these permissions. This revelation suggests that virtually any browser extension could potentially serve as an attack vector if created or taken over by an attacker. To the best of our understanding, extensions submitted to the Chrome Store requesting these capabilities are not put through additional security scrutiny at the time of this writing.

The browser syncjacking attack can be broken up into three parts: how the extension silently adds a profile managed by the attacker, hijacks the browser and eventually gains full control of the device.

**Profile Hijacking**

The attack begins with an employee installing any browser extension – this could involve publishing one that masquerades as an AI tool or taking over existing popular extensions that may have up to millions of installations in aggregate. The extension then “silently” authenticates the victim into a Chrome profile managed by the attacker’s Google Workspace. This is all done in an automated manner in a background window, making the whole process almost imperceptible to the victim. Once this authentication occurs, the attacker has full control over the newly managed profile in the victim’s browser, allowing them to push automated policies such as disabling safe browsing and other security features.

Using a very clever social engineering attack that exploits trusted domains, the adversary can then further escalate the profile hijacking attack to steal passwords from the victim’s browser. For example, the malicious extension can open and modify Google’s official support page on how to sync user accounts to prompt the victim to perform the sync with just a few clicks. Once the profile is synced, attackers have full access to all credentials and browsing history stored locally. As this attack only leverages legitimate sites and has no visible sign that it has been modified by the extension, it will not trigger any alarm bells in any security solutions monitoring the network traffic.

**Browser Takeover**

To achieve a full browser takeover, the attacker essentially needs to convert the victim’s Chrome browser into a managed browser. The same extension monitors and intercepts a legitimate download, such as a Zoom update, and replaces it with the attacker’s executable, which contains an enrollment token and registry entry to turn the victim’s Chrome browser into a managed browser. Thinking that they downloaded a Zoom updater, the victim executes the file, which ends up installing a registry entry that instructs the browser to become managed by the attacker’s Google Workspace. This allows the attacker to gain full control over the victim’s browser to disable security features, install additional malicious extensions, exfiltrate data and even silently redirect users to phishing sites. This attack is extremely potent as there is no visual difference between a managed and unmanaged browser. For a regular user, there is no telltale sign that a privilege escalation has occurred unless the victim is highly security aware and goes out of their way to regularly inspect their browser settings and look for associations with an unfamiliar Google Workspace account.

**Device Hijacking**

With the same downloaded file above, the attacker can additionally insert registry entries required for the malicious extension to message native apps. This allows the extension to directly interact with local apps without further authentication. Once the connection is established, attackers can use the extension in conjunction with the local shell and other available native applications to secretly turn on the device camera, capture audio, record screens and install malicious software – essentially providing full access to all applications and confidential data on the device.

The browser syncjacking attack exposes a fundamental flaw in the way remote-managed profiles and browsers are managed. Today, anyone can create a managed workspace account tied to a new domain and a browser extension without any form of identity verification, making it impossible to attribute these attacks. Unfortunately, most enterprises currently have zero visibility into the browser – most do not have managed browsers or profiles, nor any visibility to the extensions employees are installing often based on trending tools and social media recommendations.

What makes this attack particularly dangerous is that it operates with minimal permissions and nearly no user interaction, requiring only a subtle social engineering step using trusted websites – making it almost impossible for employees to detect. While recent incidents like the Cyberhaven breach have already compromised hundreds, if not thousands of organizations, those attacks required relatively complex social engineering to operate. The devastatingly subtle nature of this attack – with an extremely low threshold of user interaction – not only makes this attack extremely potent, but also sheds light on the terrifying possibility that adversaries are already using this technique to compromise enterprises today.

Unless an organization chooses to completely block browser extensions via managed browsers, the browser syncjacking attack will completely bypass existing blacklists and permissions-based policies. SquareX’s founder Vivek Ramachandran says “This research exposes a critical blind spot in enterprise security. Traditional security tools simply can’t see or stop these sophisticated browser-based attacks. What makes this discovery particularly alarming is how it weaponizes seemingly innocent browser extensions into complete device takeover tools, all while flying under the radar of conventional security measures like EDRs and SASE/SSE Secure Web Gateways. A Browser Detection-Response solution isn’t just an option anymore – it’s a necessity. Without visibility and control at the browser level, organizations are essentially leaving their front door wide open to attackers. This attack technique demonstrates why security needs to ‘shift up’ to where the threats are actually happening: in the browser itself.”

SquareX has been conducting pioneering security research on browser extensions, including the DEF CON 32 talk Sneaky Extensions: The MV3 Escape Artists that revealed multiple MV3 compliant malicious extensions. This research team was also the first to discover and disclose the OAuth attack on Chrome extension developers one week before the Cyberhaven breach. SquareX was also responsible for the discovery of Last Mile Reassembly attacks, a new class of client-side attacks that exploits architectural flaws and completely bypasses all Secure Web Gateway solutions. Based on this research, SquareX’s industry-first Browser Detection and Response solution protects enterprises against advanced extension-based attacks including device hijacking attempts by conducting dynamic analysis on all browser extension activity at runtime, providing a risk score to all active extensions across the enterprise and further identifying any attacks that they may be vulnerable to.

For more information about the browser syncjacking attack, additional findings from this research are available at **sqrx.com/research**.

**About SquareX**

SquareX helps organizations detect, mitigate and threat-hunt client-side web attacks happening against their users in real time.

SquareX’s industry-first Browser Detection and Response (BDR) solution, takes an attack-focused approach to browser security, ensuring enterprise users are protected against advanced threats like malicious QR Codes, Browser-in-the-Browser phishing, macro-based malware and other web attacks encompassing malicious files, websites, scripts, and compromised networks.

Additionally, with SquareX, enterprises can provide contractors and remote workers with secure access to internal applications, enterprise SaaS, and convert the browsers on BYOD / unmanaged devices into trusted browsing sessions.

**Contact**

**Head of PR**  
**Junice Liew**  
**SquareX**  
**\[email protected\]**

SquareX Discloses “Browser Syncjacking” , a New Attack Technique that Provides Full Browser and Device Control, Putting Millions at Risk

The sudden rise of DeepSeek has raised questions of data origin, data destination, and the security of the new AI model.

The sudden rise of DeepSeek has raised concerns and questions, especially about the origin and destination of the training data, as well as the security of the data.

For those returning from a short holiday away from the news, DeepSeek is a new player on the Artificial Intelligence (AI) field. The Chinese startup has certainly taken the app stores by storm: In just a week after the launch it topped the charts as the most downloaded free app in the US. This caused an upset on the stock markets that cost nVidia and Oracle shareholders a lot of money.

DeepSeek has been called an open-source project, however this technically is not true because only the model’s outputs and certain aspects are publicly accessible. This makes it qualify as an open-weight model. Anyway, the important difference is that the underlying training data and code necessary for full reproduction of the models are not fully disclosed.

And it’s the data that pose a concern to many. OpenAI has accused DeepSeek of using its ChatGPT model to train DeepSeek’s AI chatbot, which triggered quite some memes. If only because OpenAI previously suffered accusations of using data that was not its own in order to train ChatGPT.

Authorities have started to ask questions as well. The Italian privacy regulator GPDP has asked DeepSeek to provide information about the data it processes in the chatbot, and its training data.  Because it sees a risk to the privacy of millions of Italian citizens, GDPD has demanded DeepSeek answers within 20 days questions about:

*   Which personal data is collected
*   The origin of the data
*   Purpose for the collection
*   Whether the data is stored on servers in China

According to the Italian press agency ANSA, DeepSeek disappeared on January 29, 2025 from Google and Apple’s app stores in Italy.

And if all that isn’t scary enough, researchers at Wiz have found a publicly accessible database belonging to DeepSeek.

> “This database contained a significant volume of chat history, backend data and sensitive information, including log streams, API Secrets, and operational details. “

The database was not just accessible and readable, it was also open to control and privilege escalation within the DeepSeek environment. No authentication was required, so anybody that stumbled over the database was able to run queries to retrieve sensitive logs and actual plaintext chat messages, and even to steal plaintext passwords and local files.

Needless to say, this oversight put DeepSeek and its users at risk.

We have said this before and we’ll probably have to repeat it numerous times, but the need for fast developments in this field is creating privacy risks that we have never seen before, simply because security is an afterthought for the developers. So, no matter which AI chatbot you prefer, always be mindful of the information you feed it: It may find its way to unexpected and undesirable places.

**We don’t just report on threats – we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 The DeepSeek controversy: Authorities ask where does the data come from and how safe is it? 

The addition of Solvo CSPM to CYE Hyver aims to address the need for multicloud vulnerability monitoring and risk assessment.

Source: Nicolas Menijes Crego via Alamy Stock Photo

NEWS BRIEF

CYE has acquired Solvo as part of its goal to expand the capabilities of its continuous exposure management platform. Terms of the acquisition were not disclosed.

The deal, announced on Wednesday, brings together two Israeli-based cybersecurity companies. CYE will combine Solvo's Cloud Security Posture Management (CSPM) and Cloud Infrastructure Entitlement Management (CIEM) offerings with its own Hyver platform. According to CYE founder and CEO Reuven Aronashvili, CYE will integrate Solvo's CSPM capabilities next quarter to boost its customers' ability to continuously assess and mitigate cyber-risks in multicloud and hybrid infrastructure environments.

Hyver, which provides visual views of an organization's security posture, is designed to prioritize risks, compare the cost of a breach with the cost of remediation, provide risk mitigation planning, measure cybersecurity maturity, and create remediation plans. It also integrates with various security tools and platforms, enabling the sharing of threat detection telemetry. Solvo CSPM provides continuous monitoring of cloud environments while also prioritizing risks, discovering misconfigurations and compliance risks, and visualizing cloud assets and network and identity and access management (IAM) configurations to determine risks.

The need to bring Solvo's CSPM capability to Hyver became apparent as customers were accelerating the migration of their systems and applications to the cloud, Aronashvili says.

"We needed some kind of native access to the cloud environment in order to address access level, encryption level, MFA connectivity, and so on," Aronashvili says. "All those elements that are covered today with different cloud providers and platforms out there are missing in a lot of the coverage today."

Solvo offers native integration with Amazon Web Services, Microsoft Azure, and Google Cloud, which Aronashvili said has become a critical requirement for CYE's Hyber.

"The multicloud aspect was very important to us," he says. "Now we're able to provide an organization with a very comprehensive and complete risk evaluation process that considers all the different aspects of cybersecurity."

Aronashvili founded CYE in 2012 after working as a cybersecurity specialist while serving in the Israel Defense Forces. CYE started out as a professional services company, but in 2021 it rolled out Hyver after receiving $100 million in funding from EQT, with participation from its initial investor, 83 North. In 2023, CYE acquired Baseline's vulnerability analysis platform from Cyberillium, which added automated attack route creation and prioritization to the Hyver platform.

**About the Author**

Contributing Writer

Jeffrey Schwartz is a journalist who has covered information security and all forms of business and enterprise IT, including client computing, data center and cloud infrastructure, and application development for more than 30 years. Jeff is a regular contributor to Channel Futures. Previously, he was editor-in-chief of Redmond magazine and contributed to its sister titles Redmond Channel Partner, Application Development Trends, and Virtualization Review. Earlier, he held editorial roles with CommunicationsWeek, InternetWeek, and VARBusiness. Jeff is based in the New York City suburb of Long Island.

Tag

#auth