QR codes are everywhere these days: on posters, invoices, digital forms, and even security passes. While they’ve become essential for streamlining access to information and services, they can usually be an overlooked attack vector in enterprise and government environments.

Our Security Research Team’s latest white paper, QR codes: neutralizing threats with CDR detection and removal, lead by James Brimer, takes a deep dive into how malicious actors are increasingly weaponizing QR codes, and what can be done to mitigate their threat.

What’s at stake?

Government agencies and large enterprises are high-value targets, and cybercriminals can exploit QR codes to:

• Embed phishing links in trusted documents like utility bills, tax forms, or HR materials.

• Bypass email security by inserting malicious links in image-based QR codes, which traditional scanners often miss.

• Deliver malware by leading unsuspecting users to compromised websites or app downloads.

• Evade detection through obfuscation techniques, making malicious QR codes blend into harmless files.

The result? A seemingly innocuous document can become a stealth entry point for credential theft, ransomware, or data exfiltration.

Why traditional security tools fall short and how Glasswall closes the gap

Many cybersecurity solutions focus on the visible content surrounding QR codes but fail to analyse or sanitize the QR codes themselves. This critical blind spot allows malicious payloads to bypass traditional defenses, especially when embedded in PDFs, scanned documents, or images that appear to be from trusted sources.

Glasswall’s Content Disarm and Reconstruction (CDR) technology offers a proactive, Zero Trust approach that goes beyond detection. It doesn’t just scan for known threats; it rebuilds every file to a safe, clean, and policy-compliant standard, neutralizing hidden QR code threats without relying on signatures or heuristics. By stripping out embedded risks before files reach users or endpoints, Glasswall CDR ensures complete content integrity and prevents exploitation through QR code obfuscation tactics.

While Glasswall does not currently offer a specific mitigation for QR-based threats, its ongoing security research has enabled the company to focus on how it may evolve a solution to meet the risks posed by QR codes. This is an active area of innovation being explored in 2025.

Our research shows:

• Real-world examples of QR code abuse in document-based attacks.

• Breakdown of evasion tactics used by cybercriminals to bypass traditional security layers.

• Overview of detection techniques, including Optical Character Recognition (OCR), QR code parsing, and safe URL analysis.

• Strategic guidance for incorporating QR code sanitization into your organization's content security pipeline.

Why this research is important for public sector and enterprise leaders

For IT leaders, risk managers, and CISOs in the public and private sectors, understanding and neutralising QR-based threats is critical. This paper outlines how proactive QR code sanitization, rather than reactive detection, can close this blind spot and protect sensitive systems, citizen data, and corporate assets.

Read the full white paper and find out how your organization can eliminate hidden threats in documents, without compromising usability or productivity with Glasswall CDR.

Download the full white paper: QR codes: neutralizing threats with CDR detection and removal:

‍