The Axios Supply Chain Attack
The Axios supply chain attack proves attackers don’t need vulnerabilities if they can hit the assembly line. By compromising a single npm maintainer account, they were able to slip a trojan into Axios...
10 Apr 43min
Salesforce Aura Data Theft
ShinyHunters has once again placed Salesforce customers in their crosshairs – this time abusing guest user misconfigurations in public-facing Experience Cloud sites. The group claims to have compromis...
20 Mar 29min
OpenClaw & Moltbook (w/ Moriah Hara!)
OpenClaw – an opensource AI agent dubbed “Claude with hands” – has exploded across GitHub, rocketing from obscurity to 170,000 stars in just two weeks. It’s now the fastest spreading form of shadow IT...
14 Feb 43min
The React2Shell Crisis
React2Shell, the zero-click RCE exploit, is rapidly becoming one of the most significant cybersecurity incidents this year. From emergency patches causing a massive Cloudflare outage to active exploi...
15 Des 202522min
AI-Powered Espionage
A Chinese state-sponsored group weaponized Anthropic’s Claude tool to launch the first large-scale AI-driven espionage campaign, targeting more than 30 organizations across tech, finance, manufacturin...
24 Nov 202523min
Black Hat Cartels
More from Varonis ⬇️ Visit our website: https://www.varonis.com LinkedIn: linkedin.com/company/varonis X/Twitter: x.com/varonis Instagram: instagram.com/varonislife Want to join us live? Save a seat...
31 Okt 202523min
Supply Chain Attacks
This month marked the discovery of one of the largest NPM compromises in history. Though AI-assisted social engineering, a profilic developer dubbed Qix was phished. His account was then maliciously u...
20 Sep 202524min
