Browser-based attacks hit 95% of enterprises — and traditional security tools never saw them coming

Your web gateway can't see it. Your cloud access broker can't see it. Your endpoint protection can't see it. And yet 95% of organizations experienced browser-based attacks last year, according to Omdia research conducted across more than 1,000 IT and security leaders.

Still, three campaigns in 12 months are making the threat more concrete. ShadyPanda infected 4.3 million users through extensions that had been legitimate for seven years. Cyberhaven's security extension was weaponized against 400,000 corporate customers on Christmas Eve. Trust Wallet lost $8.5 million from 2,520 wallets in 48 hours. None triggered traditional alerts.

The pattern is consistent: Attackers aren’t exploiting zero-days or bypassing perimeter defenses. They’re operating inside trusted browser sessions — where traditional security tools lose visibility after login.

"Let's be honest, people are using a browser the majority of their day anyway," said Sam Evans ...