Abstract: Real-time monitoring and alerting of breached security credentials for server-based endpoints is described herein. In various embodiments, a software component (that intercepts outgoing network traffic from a computing device) or a server-based breach monitoring component may receive a request for endpoint data. Credential data may be included in the request. The endpoint and/or the credential data may be compared to credential data linked to a list of compromised endpoints. An alert may be generated for the client device when both a match is detected with credential data of a breach object on the list of compromised endpoints and the breach time field of the breach object is after a previous credentials change for the endpoint. Access to the endpoint may be blocked and/or a change password mechanism may also be displayed to change the user credentials prior to revisiting the endpoint.

Abstract: Methods and systems for annotating and assessing content, including QR codes, using a web page investigator to avoid dangerous scans of such content are described herein. A security module executing on a client device may receive a request for web content. A computer vision model may then scan the requested web content to identify and annotate graphical features on the webpage prior to rendering the web content on a display of the client device. The computer vision model may identify a QR code and transmit information encoded within the QR code to a server executing a phishing and content protection (PCP) engine for analysis. When the identified QR code is indicated to be malicious, the client device may render a modified version of the requested web content to discourage the user from scanning the identified QR code.