Summary
When Varonis acquired SlashNext, the threat-research programme Cyberou had been running on the SlashNext Blog came with the deal. Varonis retained the writer, and the research output continued on the Varonis Blog under Threat Labs with the same editorial voice.
Across the combined SlashNext and Varonis eras, the programme has earned 300+ documented media features. The Varonis-era output alone sits at 25 pieces on varonis.com/blog, with Atroposia, MatrixPDF, SpamGPT, Stanley, FishXProxy, and 1Campaign each clearing 8+ features on their own. Dark Reading, CSO Online, Bleeping Computer, TechRadar, SiliconANGLE, Infosecurity Magazine, and Trend Micro ran the work.
Challenge
Varonis was buying a voice, not just a blog archive. Once the acquisition closed, the risk was that the SlashNext voice would get smoothed out through a new legal and brand review process and the research would start reading like generic vendor content. The programme had to keep feeling like SlashNext-era Threat Labs, just on a different logo.
The category was also broader. SlashNext focused on phishing and BEC; Varonis sells across data security, email security, and now AI security. The research had to spread across phishing kits, access brokers, AI-abused tooling, and the subscription cybercrime meta-angle, without diluting the voice or the technical specificity.
And the cadence had to stay tight. Varonis Threat Labs needed to become a source journalists check for new cybercrime tooling, not a place they visit once after an acquisition announcement.
Approach
We ran the programme as a continuous research output, carrying the SlashNext-era editorial template into the Varonis Blog: opening with the specific tooling being tracked, technical evidence from the cybercrime forum or network it was traded on, pricing and capability detail a reporter could quote, and enough defensive framing that Varonis's product angle landed without puffery.
News-turn discipline kept the output current. When a new cybercrime SaaS or AI-augmented tool dropped on a Russian-language forum, a Varonis Blog piece was drafted within days, complete with the screenshots and pricing detail editors at Dark Reading or CSO Online needed to run the story. ClickFix, 1Campaign, Stanley, and Atroposia followed this cadence.
Thematic coverage stacked across categories: phishing kits lowering technical barriers for attackers, AI-abused tools turning cybercrime into SaaS, access broker economies, and the broader subscription-cybercrime narrative. Each piece stood alone for a search-driven reader, but they all reinforced a coherent Varonis Threat Labs POV.
Results
300+ documented media features across the combined SlashNext and Varonis eras of the programme. The Varonis-era output alone contributed 80+ tier-1 features on top of what SlashNext-era work had already earned before the acquisition.
MatrixPDF: 9+ features (CSO Online, Bleeping Computer, Wizcase, Forbes Panama, Hackread, Cryptika, Cybersecurefox, Meterpreter.org).
Stanley: 9+ features (Dark Reading, Hackread, CyberInsider, MalwareTips, iTnews, Enterprise Security Tech, SecuriTricks).
SpamGPT: 8+ features (TechRadar, Security Boulevard, KnowBe4, Hackread, Information Age, Dataconomy, emailexpert).
Atroposia: 8+ features (Dark Reading, CSO Online, Infosecurity Magazine, Bleeping Computer, SC Media, GBHackers, CyberPress, PCRisk).
FishXProxy: 8+ features (Dark Reading, SiliconANGLE, SC Media, Security Boulevard, Hackread, The Cyber Express, CriticalStart).
1Campaign: 8+ features (Bleeping Computer, TechRadar, CSA, CyberPress, Hackread, GBHackers, PRSOL).
Xanthorox AI: 7+ features (Trend Micro, Dark Reading, CinchOps, CyberPress, Cryptika, Morado).
For Varonis, Threat Labs became a reusable GTM asset and a continuity play: the acquired programme kept shipping, sales decks cite it, comms pastes lines into rapid-response threads, and product marketing has a steady pipeline of technical proof points to reference in category conversations.