A Varonis Threat Labs breakdown of Anthropic’s Claude Code leak, uncovering the AI coding agent’s architecture, guardrails, and attack surface.

Meet Storm, a new infostealer that tiptoes around endpoint security tools, remotely decrypts browser credentials, and lets operators restore hijacked sessions.

Varonis uncovers a local file inclusion vulnerability in the AWS Remote MCP Server, exposing how authenticated access can lead to sensitive data exposure.

ShinyHunters is abusing misconfigured Salesforce Experience sites to expose sensitive data. Learn how the attack works and how to reduce your risk.

1Campaign is a new cloaking platform that helps attackers bypass Google Ads screening, evade security researchers, and keep phishing and crypto drainer pages online longer.

Explore how cybercriminals buy VPN credentials, infostealer logs, breach databases, and web shells to access networks without writing a single exploit.

Discover how attackers can hijack Google Cloud Dataflow pipelines by manipulating shadow resources and learn how to secure your environment against it.

Varonis Threat Labs reveals how Outlook add-ins in Microsoft 365 can be exploited to exfiltrate sensitive email data without leaving forensic traces.

A new malware toolkit called 'Stanley' spoofs websites while keeping the address bar intact and guarantees Chrome Web Store approval.

Varonis Threat Labs discovered a way to bypass Copilot’s safety controls, steal users’ darkest secrets, and evade detection.

Discover how AI-powered cyber threats, malicious LLMs, and advanced phishing are reshaping security and demanding smarter, data-centric defenses in 2026.

MongoBleed (CVE‑2025‑14847) is a critical unauthenticated memory-leak vulnerability in MongoDB Server that allows attackers to remotely extract uninitialized heap memory—including sensitive info like credentials.