Varonis, Friday, June 19th, 2026
MyBait: Why We Lured Attackers to Encrypt Our Cloud MySQL
Varonis deployed vulnerable MySQL honeypots across clouds and only the GCP instance was compromised, twice.
more →
Back Issues This Week → Popular →
All issues › Archive
Varonis — Archive
93 articles · page 1 of 2
Varonis, Monday, June 15th, 2026
SearchLeak: How We Turned M365 Copilot Into a One-Click Data Exfiltration Weapon
Varonis Threat Labs found a vulnerability chain that turns M365 Copilot into a one-click data exfiltration tool.
more → Varonis, April 27,2026
The Vercel Breach: Steps To Protect Your Organization
https://www.varonis.com/blog/vercel-breach-2026?hsLang=en
more →
Varonis, Friday, April 17th, 2026
The Invisible Footprint: How Anonymous S3 Requests Evade AWS Logging
Learn how anonymous S3 requests evaded AWS CloudTrail logging via VPC endpoints, the risks to enterprises, and how AWS addressed the issue.
more → Varonis, Monday, April 13th, 2026
Deep Dive Into Architectural Vulnerabilities In Agentic LLM Browsers
Varonis Threat Labs investigated Comet, OpenAI Atlas, Edge Copilot, and Brave Leo to understand how LLM browsers work and where attackers can break them.
more → Varonis, March 25,2026
Varonis Discovers Local File Inclusion In Aws Remote Mcp Server Via Cli Shorthand Syntax
Varonis uncovers a local file inclusion vulnerability in the AWS Remote MCP Server, exposing how authenticated access can lead to sensitive data exposure.
more → Varonis, Tuesday, March 24th, 2026
Applying Zero Trust To MCP In AI Systems
Model Context Protocol (MCP) has quickly become a foundational building block for agentic AI. By standardizing how AI agents discover tools, retrieve context, and take action, MCP makes it dramatically easier to connect models to real systems. That ease of integration is exactly why teams are adopting it so quickly - and exactly why security teams are uneasy.
more → Varonis, Tuesday, March 3rd, 2026
From Hype To Culture: How We Turned AI Adoption Turned Into Everyday Impact
A practical, engineering‑led framework for turning gen AI investment into real adoption, measurable impact, and lasting culture.
more → Varonis, Tuesday, March 3rd, 2026
Copy, Paste, Ransom: Making Data Exfiltration As Easy As AzCopy
Ransomware operators are ditching the usual tools for Microsoft's own AzCopy, turning a trusted Azure utility into a data exfiltration powerhouse.
more → Varonis, Thursday, February 19th, 2026
How Cybercriminals Buy Access: Logins, Cookies, And Backdoors
Explore how cybercriminals buy VPN credentials, infostealer logs, breach databases, and web shells to access networks without writing a single exploit.
more → Varonis, Tuesday, February 17th, 2026
Data Classification in the Age of LLMs: A Technical Deep Dive
Discover how to combine LLM-based classification with deterministic methods to maximize accuracy, speed, and data sovereignty.
more → Varonis, Thursday, February 12th, 2026
Dataflow Rider: How Attackers Can Abuse Shadow Resources In Google Cloud Dataflow
Discover how attackers can hijack Google Cloud Dataflow pipelines by manipulating shadow resources and learn how to secure your environment against it.
more → Varonis, Thursday, January 29th, 2026
Data Discovery Is Not Data Security
Data discovery has become an important part of every data security program. From prioritizing efforts to tightening permissions to deciding where to place compensating controls, a map of sensitive data helps prioritize remediation of controls and informs detection.
more → Varonis, Wednesday, January 28th, 2026
Exfil Out&Look For Logs: Weaponizing Outlook Add-Ins For Zero-Trace Email Exfiltration
Varonis Threat Labs reveals how Outlook add-ins in Microsoft 365 can be exploited to exfiltrate sensitive email data without leaving forensic traces.
more → Varonis, Friday, January 23rd, 2026
Varonis SaaS: Fast & Easy Agentless Cloud Deployment
Varonis' cloud-native Data Security Platform deploys in minutes and delivers immediate protection at scale.
more → Varonis, Friday, January 23rd, 2026
Stanley - A $6,000 Russian Malware Toolkit With Chrome Web Store Guarantee
A new malware toolkit called 'Stanley' spoofs websites while keeping the address bar intact and guarantees Chrome Web Store approval.
more → Varonis, Thursday, January 22nd, 2026
Varonis Concierge: Extending Data Security Beyond Software
Varonis Concierge gives you expert, personalized guidance to secure sensitive data, optimize your platform, and achieve measurable security outcomes.
more → Varonis, Wednesday, January 14th, 2026
Reprompt: The Single-Click Microsoft Copilot Attack That Silently Steals Your Personal Data
Varonis Threat Labs discovered a way to bypass Copilot's safety controls, steal users' darkest secrets, and evade detection.
more → Varonis, Tuesday, December 16th, 2025
Phishing Attacks: Types, Statistics, And Prevention
Discover the latest phishing attack types, key statistics, and proven prevention strategies to protect organizations across email, messaging apps, and collaboration platforms.
more → Varonis, Tuesday, November 25th, 2025
5 Must-Know Salesforce Security Tips
Salesforce environments are full of sensitive data that needs to be managed effectively. But with so many stakeholders and users needing to access different data constantly, the risk of a security breach is heightened. When it comes to cybersecurity, data is everything. It's your most valuable asset, and also your most regulated and most targeted.
more → Varonis, Wednesday, November 12th, 2025
Why We're Going All In on SaaS
The future of data security is automated and effortless.
more → Varonis, Thursday, October 30th, 2025
The Silent Attackers: Exploiting VPC Endpoints to Expose AWS Accounts of S3 Buckets Without a Trace
Learn how a CloudTrail flaw revealed IDs via VPC endpoints and how to protect your cloud.
more → Varonis, Tuesday, October 28th, 2025
Meet Atroposia: The Stealthy Feature-Packed RAT
Atroposia is a new remote access trojan (RAT) found by Varonis that uses encrypted command channels, hidden remote access, credential and wallet theft, and persistence.
more → Varonis, Friday, October 24th, 2025
Trusted Vendors, Twisted Links: The Dark Side of URL Rewriting
Discover how attackers use advanced URL rewriting tricks to bypass traditional blocklists and how organizations can stay ahead of evolving threats.
more → Varonis, Tuesday, October 21st, 2025
Inbox Infiltration: The File Type You're Overlooking
Phishing tactics have taken a creative turn with the abuse of SVG files, turning innocent-looking images into vehicles for high-impact attacks.
more → Varonis, Tuesday, October 21st, 2025
Azure App-Mirage: Bypassing Application Impersonation Safeguard
Varonis Threat Labs discovered a loophole allowing attackers to impersonate Microsoft applications by creating malicious apps with deceptive names.
more → Varonis, Tuesday, October 21st, 2025
AI-Powered Phishing Is Outpacing Traditional Defenses - Here's How To Keep Up
AI-powered phishing is outsmarting email security. Discover a multilayered defense from Gartner and how Varonis Interceptor protects your inbox.
more → Varonis, Monday, October 13th, 2025
What Is Database Activity Monitoring? DAM Explained
A critical component of any organization's security strategy, Database Activity Monitoring tools are used by organizations to fulfill compliance criteria and protect sensitive data.
more → Varonis, Thursday, October 9th, 2025
From CPU Spikes To Defense: How Varonis Prevented A Ransomware Disaster
Discover how Varonis' advanced threat response ensured zero downtime and complete remediation when stopping a ransomware attack.
more → Varonis, Wednesday, October 8th, 2025
Introducing Varonis Interceptor: AI-Native Email Security
Varonis Interceptor protects organizations from a new breed of AI-powered email threats with the best phishing detection on the planet.
more → Varonis, Monday, October 6th, 2025
Rethinking Database Security For The Age Of AI And Cloud
Discover the pillars of database security and how Varonis Next-Gen database activity monitoring (DAM) protects sensitive data in AI and cloud environments.
more → Varonis, October 2,2025
Forcedleak And The Future Of AI Agent Security
ForcedLeak exposes Salesforce Agentforce to silent CRM data theft via prompt injection, agent overreach, and CSP misconfig. Mitigate now.
more → Varonis, October 1,2025
The Fake Bureau Of Investigation: How Cybercriminals Are Impersonating Government Pages
The FBI is noticing a large uptick in fraudulent websites impersonating the IC3. Learn how users are unsuspectingly reporting cybercrime to cybercriminals.
more → Varonis, October 1,2025
Top 10 Cybersecurity Awareness Tips: How To Stay Safe And Proactive
With breaches on the rise, it's crucial to make cybersecurity a priority. Follow these preventative cybersecurity tips for stronger security practices.
more → Varonis, September 30,2025
MatrixPDF Puts Gmail Users at Risk with Malicious PDF Attachments
Discover how PDF-based malware attacks work and how AI-powered email security can detect and block threats before they reach your inbox.
more → Varonis, September 30,2025
Securing Sensitive Data In Databricks
Varonis and Databricks partner to secure business-critical data.
more → Varonis, Friday, September 26th, 2025
CyberTech Tokyo 2025: Security in the Age of Generative AI
Discover the key insights from CyberTech Tokyo 2025, the growing risk of generative AI, and steps organizations can take to strengthen their data security.
more → Varonis, Thursday, September 25th, 2025
Accurate Classification That Scales: The Right Tool For The Right Job
Accurate, scalable data classification is key to security, compliance, and safe AI. Learn how to avoid common pitfalls and choose the right approach.
more → Varonis, Thursday, September 25th, 2025
Where Are My Keys?! Ransomware Group Steals AWS Keys To Advance
Ransomware groups now target AWS control planes using stolen keys and Pacu. Learn how Varonis detects, investigates, and stops these cloud threats.
more → Varonis, Monday, September 22nd, 2025
OAuth Connected Application Control : Lock Down Your Salesforce Environment Before Attackers Log In
Lock down your Salesforce environment and stop OAuth-based threats with the CRM's new API Access Control. Varonis Threat Labs explains how it works and why it's important.
more → Varonis, September 19,2025
AI Security Starts With Data Security
Learn how to protect AI pipelines by controlling data access, monitoring AI behavior, and preventing data exposure.
more → Varonis, September 17,2025
Bidi Swap: Unmasking The Art Of URL Misleading With Bidirectional Text Tricks
Varonis reveals a decade-old Unicode flaw that enables BiDi URL spoofing and poses phishing risks. Learn how attackers exploit RTL/LTR scripts and browser gaps.
more → Varonis, Saturday, September 6th, 2025
Detecting Agentic AI Threats With Agentic AI
Detect and stop agentic AI threats with agentic AI: autonomous agents that monitor, investigate, and respond faster than traditional security tools.
more → Varonis, Thursday, September 4th, 2025
Cyber Resilience Assessment: Identifying Detection Gaps And Strengthening Security
Validate your security tools with a real-world attack simulation that reveals detection gaps and boosts your cyber resilience.
more → Varonis, Wednesday, September 3rd, 2025
When Integrations Become Infiltrations: What The Salesloft Drift Breach Reveals About SaaS Risk
Learn how attackers exploited SaaS integrations in the Drift breach - and how to protect your Salesforce organization today.
more → Varonis, Tuesday, September 2nd, 2025
Varonis Acquires Slashnext, Ai-Native Email Security
Strategic acquisition adds the world's best phishing and social engineering detection to the leading Data Security Platform.
more → Varonis, Wednesday, August 20th, 2025
The Cloud Threat Playbook: Catching What Posture Tools Miss
Identity is the new perimeter. Learn how Varonis stops cloud breaches by resolving access, detecting threats, and automating least privilege.
more → Varonis, Monday, August 18th, 2025
Why Data-Centric Security is Important for the DoD
Learn how Varonis protects DoD environments by utilizing various approaches to secure sensitive data.
more → Varonis, Thursday, August 14th, 2025
Understanding And Defending Against The Model Context Protocol DNS Rebind Attack
As organizations increasingly rely on MCP servers to bridge AI capabilities with business systems, understanding and defending against threats is critical.
more → Varonis, Monday, August 11th, 2025
Rusty Pearl: Remote Code Execution In Postgres Instances
Varonis uncovers an RCE vulnerability in PostgreSQL via PL/Perl and PL/Rust. Learn how AWS RDS responded and how to secure your Postgres environmen
more →