SquareX to Uncover Data Splicing Attacks at BSides San Francisco

SquareX researchers Jeswin Mathai and Audrey Adeline will be disclosing a new class of data exfiltration techniques at BSides San Francisco 2025. Titled ‘Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out,’ the talk will demonstrate multiple data splicing techniques that will allow attackers to exfiltrate any sensitive file or clipboard data, completely bypassing major Data Loss Protection (DLP) vendors listed by Gartner by exploiting architectural vulnerabilities in the browser.

Cyber Technology Insights : Media Alert: OpenText Showcases End-to-End Cybersecurity Innovation at RSA Conference 2025

DLP is a core pillar of every enterprise security stack. Data breaches can result in severe consequences including IP loss, regulatory violations, fines, and severe reputational damage. With over 60% of corporate data being stored in the cloud, browsers have become the primary way for employees to create, access, and share data. Consequently, the browser has become a particularly attractive target for external attackers and insider threats alike. Yet, existing endpoint and cloud DLP solutions have limited telemetry and control over how employees interact with data on the browser.

Additionally, there are several unique challenges when it comes to maintaining data lineage in the browser. This includes managing multiple personal and professional identities, the wide landscape of sanctioned and shadow SaaS apps, and the numerous pathways in which sensitive data can flow between these apps. Unlike managed devices where enterprises have full control over what can be installed on the device, employees can easily sign up for various SaaS services without the IT team’s knowledge or oversight.

Cyber Technology Insights : REI Systems Passes CMMC Level 2 C3PAO Assessment

SquareX Researcher Audrey Adeline says, “Data splicing attacks are a complete game changer for insider threats and attackers that are seeking to steal information from enterprises. They exploit newer browser features that were invented long after existing DLP solutions and thus the data exfiltrated using these techniques are completely uninspected, resulting in full bypasses. With today’s workforce heavily relying on SaaS apps and cloud storage services, any organization that uses the browser is vulnerable to data splicing attacks.”

As part of the talk, they will also be releasing an open-source toolkit, ‘Angry Magpie,’ which will allow pentesters and red teams to test their existing DLP stack and better understand their organization’s vulnerability to Data Splicing Attacks. SquareX hopes that the research will highlight the severe threats that browsers pose on data loss and serve as a call to action for enterprises and vendors alike to re-think their data loss protection strategies.

Cyber Technology Insights : CampusGuard Announces Mike Wright as President, Other Leadership Changes

To participate in our interviews, please write to our CyberTech Media Room at sudipto@intentamplify.com

Source – prnewswire

Tags: BSides San Francisco, cloud storage, data breaches, Data Splicing Attacks, SquareX

CyberTech Media Room

Share With

Daily CyberTech Highlights: Essential News and Analysis

New Sumo Logic Report Reveals Security Leaders are Prioritizing AI in New Solutions

TekStream and New Jersey Institute of Technology Partner to Empower Learning

Xona and Forescout Partner to Deliver Secure Remote Access

Mattermost Introduces Intelligent Mission Environment: Sovereign, AI-Integrated Platform

Azul Introduces 100 – 1000x More Accurate In-Production Java Vulnerability Detection

Contact Us

Quick Links

Insights

Get in touch

Follow Us

Our Other Brands