EP 49 - Inside the Attack Surface: Lessons from the Red Team on Browser Threats

VP of CyberArk Red Team Services Shay Nahari joins host David Puner for an in-depth look at the evolving risks facing enterprise browsers. The conversation explores how attackers are shifting from stealing credentials to hijacking session tokens and cookies, and why browsers originally designed for consumers have become a prime target in today’s identity-driven threat landscape. Shay shares real-world examples of session-based attacks, insights from adversarial simulations, and practical strategies for reducing risk, including the importance of least privilege, ephemeral identities, and layered security. This episode offers actionable guidance for security leaders and practitioners looking to protect identities and sensitive data across today’s expanding digital environments.