Endpoint Security Reborn for the AI Era
The endpoint is being redefined. Don’t stay behind.
Latest findings
-
6 min readMaXSS & Spyder: How two Chrome extensions allow websites to compromise over 10 million browsers
How SiderAI and MaxAI agentic side panel extensions are vulnerable to severe cross-site vulnerabilities, allowing attackers to compromise browsers easily and entirely
security browser extensions AI agentic
Gal Weizman, Gal Bashan
Read
-
11 min readSpyder: Chrome Extension SiderAI Vulnerable to UXSG Puts 10,000,000 Users at Risk
How SiderAI Chrome extension vulnerability allowed arbitrary websites to hiddenly embed other websites and trigger typing/clicking gestures within them, effectively allowing UXSG (Universal Cross Site Gesturing)
security browser extensions AI agentic Gal Weizman
Read
-
9 min readMaXSS: Chrome Extension MaxAI Vulnerable to UXSS Puts 1,000,000 Users at Risk
How MaxiAI Chrome extension vulnerability allows arbitrary websites access extension-level permissions, leading to UXSS, arbitrary local file read (potentially), universal screenshooting, and more
security browser extensions AI agentic Gal Weizman
Read