GitHub's breach, caused by a malicious VS Code extension, exposed 3,800 internal repositories. Learn how to secure your environment.

Varonis Threat Labs discovered a new technique that abuses NTFS junctions to generate infinite file paths, causing EDR products to hang and leave files unscanned.

See how an Azure Cosmos for PostgreSQL vulnerability enabled remote code execution, its implications, and essential security best practices.

The Canvas breach reveals how cybercriminals are targeting education: learn how the attack unfolded, what data was exposed, and the risks ahead.

Discover Bluekit, the AI-driven phishing kit that centralizes phishing operations with advanced features like automated domain registration and an AI Assistant.

Discover how attackers exploit cross-tenant ROPC to create misleading login events, undermining your security and data integrity without breaching your systems.

Vercel disclosed a major breach exposing customer environment secrets via a compromised AI tool. Learn what happened, why it matters, and the steps to protect your organization.

Learn how anonymous S3 requests evaded AWS CloudTrail logging via VPC endpoints, the risks to enterprises, and how AWS addressed the issue.

Varonis Threat Labs investigated Comet, OpenAI Atlas, Edge Copilot, and Brave Leo to understand how LLM browsers work and where attackers can break them.

A Varonis Threat Labs breakdown of Anthropic’s Claude Code leak, uncovering the AI coding agent’s architecture, guardrails, and attack surface.

Meet Storm, a new infostealer that tiptoes around endpoint security tools, remotely decrypts browser credentials, and lets operators restore hijacked sessions.

Varonis uncovers a local file inclusion vulnerability in the AWS Remote MCP Server, exposing how authenticated access can lead to sensitive data exposure.