SquareX to Spotlight Data Splicing Attacks at BSides SF, Exposing Critical DLP Security Flaw

Speedy Summary:

• Event Declaration: SquareX researchers Jeswin Mathai and Audrey Adeline will present at BSides San Francisco 2025 on “Data Splicing Attacks” that bypass enterprise Data Loss Protection (DLP) systems via browser architectural vulnerabilities.
• Key Findings: Their research highlights how data splicing techniques exploit modern browser features,making sensitive corporate files vulnerable too exfiltration despite existing DLP protections.
• Industry Context: With over 60% of corporate data stored in the cloud and browsers as primary tools for accessing this data, current endpoint and cloud-based DLP solutions struggle with new browser security challenges.
• Toolkit release: An open-source testing toolkit, “Angry Magpie,” will be launched alongside their presentation to help enterprises identify vulnerabilities in their DLP systems.
• Speaker Credentials:

– Jeswin mathai: Experienced cybersecurity architect behind key projects like AWSGoat and AzureGoat; regular presenter at top conferences including DEF CON US and Black Hat Asia.
– Audrey Adeline: Lead researcher for SquareX’s Year of browser Bugs (YOBB), author of The Browser Security Field Manual, known for uncovering pivotal browser vulnerabilities such as Browser Syncjacking and Polymorphic Extensions.

• Next Steps: The research team plans further engagement at RSAC 2025 with deeper discussions about their findings.

Indian Opinion Analysis:

The unveiling of “Data Splicing Attacks” by squarex signifies a pressing challenge for India’s tech-driven enterprises increasingly relying on SaaS platforms and cloud storage solutions. As businesses embrace these tools post-pandemic, browsers have emerged as critical interfaces yet inherently weak links in cybersecurity frameworks.For Indian corporations facing growing threats from insider attacks or external adversaries, this disclosure reinforces the urgency to rethink legacy defenses like DLP systems that now appear insufficient against evolving attack methodologies exploiting modern browser architectures. Tools such as “Angry Magpie” may aid Indian firms-especially SMEs limited by cybersecurity resources-in preemptively addressing such risks.

Broader implications point toward fostering a culture of proactive cybersecurity research within India’s tech ecosystem itself, especially given the country’s rising stature in global IT services. As vendor-neutral revelations like this push awareness globally, it may also spur innovation among domestic players developing secure edge technologies adapted to local business contexts.

Read More