Security Software Fails to Detect Fifth of Brower Phishing Attacks
Security Software Fails to Detect Fifth of Brower Phishing Attacks
https://www.infosecurity-magazine.com/news/cybersecurity-fails-to-detect/
Publish Date: 2026-06-10 11:30:00
Source Domain: www.infosecurity-magazine.com
Cybersecurity software regularly fails to detect and prevent the cyber-attacks they are designed to protect organizations from, especially within the bowser layer, research by Menlo Security has warned.
Published on June 9, Menlo Security’s 2026 Browser Threat Report found that one in five phishing attacks which target the enterprise browser users go completely undetected by the tools which are supposed to protect the network and its users from attacks.
Based on platform telemetry across millions of active browser sessions in enterprise customer environments between January 1 and March 31 2026, the research warned that threat actors are gaining entry to enterprise environments through the browser session layer.
The problem, the paper said, is that attacks via the browser target areas which many traditional enterprise cybersecurity products are not designed to identify or prevent suspicious activity in.
Enterprise activities like email, SaaS applications, collaboration tools, AI assistants, financial systems and credential management software now commonly take place inside a browser session rather than within an application.
But many enterprise security products are not built with this in mind, creating opportunities for cybercriminals. One out of five phishing links actively engaged by users went completely undetected by legacy URL filtering, according to Menlo.
“The tools most enterprises rely on are performing exactly as designed. That is the problem. None of them were built to operate at the browser session layer, and that is precisely where attackers have learned to live,” said Bill Robbins, CEO of Menlo Security.
Social Engineering as a Security Bypass
One of the key issues surrounding browser-based attacks is that they don’t just exploit technical vulnerabilities, they actively exploit how people interacts with the browser too.
Humans regularly need to interact with in-browser alerts such as CAPTCHAs, error messages and Cloudflare…
