April 3, 2024 By Shannon Williams
Serial cybersecurity entrepreneur, Vivek Ramachandran's browser-security start-up, SquareX, has unveiled the results of a recent study which found significant vulnerabilities in the scanning of email attachments for malicious documents by top webmail providers, such as Gmail and Outlook. These vulnerabilities put millions of users worldwide at risk from document-based cyber threats.
The analysis by SquareX's research and development team involved sending 100 malicious document samples, segmented into four categories, via a third-party email provider, ProtonMail, to several major email providers. These included industry giants like Gmail, Yahoo, AOL, and Apple iCloud Mail, amongst others. Surprisingly, while these email providers demonstrated basic detection capabilities for unmodified malicious document samples, their ability to detect modified malicious documents manipulated with readily available attack tools fell short. This failing has exposed a serious cybersecurity loophole that threatens millions of users globally.