Recent discoveries
-
June 15, 2026
SearchLeak: How We Turned M365 Copilot Into a One-Click Data Exfiltration Weapon
Varonis Threat Labs discovered SearchLeak, a critical vulnerability chain in Microsoft 365 Copilot Enterprise that allows an attacker to steal sensitive data — MFA codes, email messages, meeting details, and private organizational files — with a single click.
Dolev Taler
-
June 09, 2026
Phishing for Lobsters: How We Tricked OpenClaw into Spilling Secrets
We built an AI agent and put it through four phishing simulations to reveal critical security gaps and offer solutions to protect your organization's data.
Itay Yashar
-
April 29, 2026
Meet Bluekit: The AI-Powered All-in-One Phishing Kit
Discover Bluekit, the AI-driven phishing kit that centralizes phishing operations with advanced features like automated domain registration and an AI Assistant.
Daniel Kelley
-
February 12, 2026
Dataflow Rider: How Attackers can Abuse Shadow Resources in Google Cloud Dataflow
Discover how attackers can hijack Google Cloud Dataflow pipelines by manipulating shadow resources and learn how to secure your environment against it.
Tamir Yehuda
-
January 27, 2026
Exfil Out&Look for Logs: Weaponizing Outlook Add-ins for Zero-Trace Email Exfiltration
Varonis Threat Labs reveals how Outlook add-ins in Microsoft 365 can be exploited to exfiltrate sensitive email data without leaving forensic traces.
Hadas Shalev
-
January 14, 2026
Reprompt: The Single-Click Microsoft Copilot Attack that Silently Steals Your Personal Data
Varonis Threat Labs discovered a way to bypass Copilot’s safety controls, steal users’ darkest secrets, and evade detection.
Dolev Taler