Cybersecurity Tools Fail to Detect 20% of Browser-Based Phishing Attacks
Severity: High (Score: 67.5)
Sources: www.menlosecurity.com, Infosecurity-Magazine
Keywords: security, browser, report, cybersecurity, software, fails, detect
Summary
A report by Menlo Security reveals that cybersecurity software fails to detect 20% of phishing attacks targeting enterprise browser users. The 2026 Browser Threat Report indicates that attackers exploit the browser session layer, which many traditional security tools do not monitor effectively. In Q1 2026, Menlo Security blocked nearly 115,842 evasive phishing campaigns designed to bypass legacy detection systems. The report highlights the ClickFix attack method, where users are tricked into executing commands that appear legitimate. This gap in security allows threat actors to gain access to enterprise environments through browser sessions, affecting various enterprise activities including email and SaaS applications. Organizations are urged to enhance their security measures at the browser session layer to mitigate these risks. The report emphasizes that existing tools are not broken but rather unfit for the current threat landscape.
Key Points:
- 20% of phishing attacks targeting enterprise browsers go undetected by security tools.
- Menlo Security blocked over 115,000 evasive phishing campaigns in Q1 2026.
- Organizations must secure the browser session layer to protect against modern threats.
Detailed Analysis
**Impact** Enterprise organizations using browsers for critical workflows—including email, SaaS, collaboration, AI assistants, financial systems, and credential management—are affected globally. Menlo Security’s data from Q1 2026 shows that 20% of phishing attacks targeting browser sessions go undetected by legacy security tools, exposing millions of active browser sessions to risk. This gap enables threat actors to bypass protections, potentially leading to credential theft, data breaches, and operational disruption across multiple sectors reliant on browser-based applications.

**Technical Details** Attackers exploit the browser session layer using phishing campaigns that evade legacy URL filtering and reputation-based defenses. Techniques include ClickFix attacks, AI-in-the-Middle (AiTM), HTML smuggling, and abuse of remote monitoring and management (RMM) tools. These attacks leverage social engineering to prompt users to execute commands or paste code, which bypasses behavioral detection as the actions appear legitimate. Menlo Security blocked 4,937 zero-day attacks and over 115,000 evasive phishing campaigns in Q1 2026. No specific CVEs or IOCs were disclosed in the reports.

**Recommended Response** Enterprises should prioritize securing the browser session layer by deploying security solutions designed to monitor and control browser-based interactions and scripts. Implement advanced phishing detection that goes beyond URL filtering, including behavioral analytics and user interaction monitoring. Conduct security assessments using frameworks like Menlo’s five-question self-assessment to identify gaps in browser security posture. Monitor for suspicious user-initiated commands and anomalous browser activity, as traditional endpoint and network tools do not cover this attack surface.
Source articles (2)
- Cybersecurity Software Fails to Detect Fifth of Browser — Infosecurity-Magazine · 2026-06-10
Cybersecurity software regularly fails to detect and prevent the cyber-attacks they are designed to protect organizations from, especially within the browser layer, research by Menlo Security has warne…
- 2026 State Of Browser Security Threat Report — www.menlosecurity.com · 2026-06-10
The browser is where your people work. It's also where attackers have shifted — and where your existing security investments have their widest blind spot. This report documents what Menlo Security blo…
Timeline
- 2026-01-01 — Start of telemetry data collection: Menlo Security began collecting telemetry data across millions of browser sessions in enterprise environments.
- 2026-03-31 — End of telemetry data collection: Telemetry data collection for the 2026 Browser Threat Report concluded, providing insights into browser-based threats.
- 2026-06-09 — Menlo Security releases Browser Threat Report: The report revealed significant gaps in browser security, highlighting the ineffectiveness of traditional tools.
- 2026-06-10 — Menlo Security publishes detailed attack statistics: Menlo disclosed that 4,937 zero-day attacks were blocked and 52,185 threats launched from safe sites in Q1 2026.
Related entities
- Phishing (Attack Type)
- Zero-day Exploit (Attack Type)
- T1566.002 - Spearphishing Link (Mitre Attack)
- ClickFix (Malware)
- RMM Tool (Tool)