Palo Alto Networks Acknowledges SquareX Research on Limitations of SWGs Against Last Mile Reassembly Attacks
PALO ALTO, Calif., Sept. 18, 2025 (GLOBE NEWSWIRE) -- SquareX first discovered and disclosed Last Mile Reassembly attacks at DEF CON 32 last year, warning the security community of 20+ attacks that allow attackers to bypass all major SASE/SSE solutions and smuggle malware through the browser. Despite responsible disclosures to all major SASE/SSE providers, no vendor has made an official statement to warn its customers about the vulnerability in the past 13 months - until two weeks ago.

As more attackers are leveraging Last Mile Reassembly techniques to exploit enterprises, SASE/SSE vendors are beginning to recognize that proxy solutions are no longer sufficient to protect against browser-based attacks, with Palo Alto Networks being the first to publicly acknowledge that Secure Web Gateways are architecturally unable to defend against Last Mile Reassembly attacks. In the press release, Palo Alto Networks recognized the attack as "encrypted, evasive attacks that assemble inside the browser and bypass traditional secure web gateways." The release also recognized that "the browser is becoming the new operating system for the enterprise, the primary interface for AI and cloud applications. Securing it is not optional."

This marks a watershed moment in cybersecurity where a major incumbent SASE/SSE vendor publicly admits the fundamental limitations of Secure Web Gateways (SWGs) and acknowledges the critical importance of browser-native security solutions - exactly what SquareX has been advocating since pioneering this research.

What are Last Mile Reassembly Attacks?

Last Mile Reassembly attacks are a class of techniques that exploit architectural limitations of SWGs to smuggle malicious files through the proxy layer, only to be reassembled as functional malware in the victim's browser. In one technique, attackers break the malware into different chunks. Individually, none of these chunks trigger a detection by SWGs. Once they bypass proxy inspection, the malware is then reassembled in the browser.

In another example, attackers smuggle these malicious files via binary channels like WebRTC, gRPC and WebSockets. These are common communication channels used by web apps like video conferencing and streaming tools, but are completely unmonitored by SWGs. In fact, many SWGs publicly admit this on their website and recommend their customers disable these channels.

In total, there are over 20 such techniques that completely bypass SWGs. While Palo Alto Networks is the first to publicly admit this limitation, SquareX has demonstrated that all major SASE/SSE vendors are vulnerable and has been in touch with multiple solutions as part of responsible disclosures and to discuss alternative protection mechanisms.

Data Splicing Attacks: Exfiltrating Data with Last Mile Reassembly Techniques

Since the discovery of Last Mile Reassembly attacks, SquareX's research team conducted further research to see how attackers can leverage these techniques to steal sensitive data. At BSides San Francisco this year, SquareX's talk on Data Splicing Attacks demonstrated how similar techniques can be used by insider threats and attackers to share confidential files and copy-paste sensitive data in the browser, completely bypassing both endpoint DLP and cloud SASE/SSE DLP solutions. In fact, there has been an emergence of P2P file sharing sites that allow users to send any file with no DLP inspection.

The Year of Browser Bugs: Pioneering Critical Browser Security Research

As the browser becomes one of the most common initial access points for attackers, browser security research plays a critical role in understanding and defending against bleeding-edge browser-based attacks. Inspired by the impact of Last Mile Reassembly, SquareX launched a research project called The Year of Browser Bugs, disclosing a major architectural vulnerability every month since January. Some seminal research includes Polymorphic Extensions, a malicious extension that can silently impersonate password managers and crypto wallets to steal credentials/crypto, and Passkeys Pwned, a major passkey implementation flaw disclosed at DEF CON 33 this year.