Client: SlashNext, a phishing and BEC defence company (now part of Varonis). Engagement: A long-running threat research and blog programme (legacy SlashNext URLs now resolve through Varonis). Our role: Cyberou produced practitioner-grade articles under SlashNext’s brand; their team reviewed every piece before publication.
Summary
SlashNext’s audience is unforgiving: security researchers, incident responders, and journalists who have seen every recycled “AI is scary” headline. The business still needed a steady stream of credible stories that marketing, comms, and sales could point to without apologising for the first paragraph.
Cyberou worked as an embedded editorial partner for roughly twenty-seven months, turning real underground activity (including early work on themes such as WormGPT, Xanthorox AI, and SessionShark) into long-form posts that read like research notes, not vendor fluff. The output was a growing set of live URLs that could sit next to product launches, analyst days, and press outreach. After the Varonis acquisition, many articles now live on Varonis properties; the programme itself is unchanged in intent: defend the reader’s time, show the mechanics, name what changed.
- Long-form threat research, not news rewrites
- Published under SlashNext’s brand and review process
- An archive the whole GTM organisation could share while the programme ran
Challenge
The tension: marketing needs a predictable cadence of “something new to say.” Researchers have zero patience for thin content or speculative claims. SlashNext wanted an ongoing stream of blog pieces that could sit next to launches, briefings, and press without the awkward moment when a technical lead reads the opening and asks who signed off on it.
The bar was not “sound smart.” The bar was be right: traceable behaviour, realistic tradecraft, and language that still scanned for a busy reader on mobile. Anything that felt like a brochure dressed as research would have damaged trust with the exact audience SlashNext sells to.
At the same time, the work had to be usable in the field. Outbound needed links. Comms needed explainers. Events needed proof that did not age out after one quarter. The programme had to compound, not reset every time the news cycle moved on.
Approach
We treated each article like a small research memo: start from what changed in the underground economy or in attacker tooling, explain what a defender should look for on Monday morning, and only then connect to how SlashNext thinks about defence. That order matters. Readers smell “product first” immediately.
Drafts moved through SlashNext’s review loop so tone, claims, and framing matched what they wanted to say in market. When something was shaky, we cut it or rewrote it. When a metaphor landed but the sourcing did not, we fixed the sourcing. The goal was publication without a painful rewrite cycle on their side.
Visually, the programme lived on SlashNext’s blog as normal editorial: hero imagery, clear headings, and pull quotes where they helped scanning. The substance underneath was analyst-style structure: what happened, who it affects, what to check, what changed compared with last quarter.
SlashNext joined Varonis; legacy slashnext.com article URLs now forward to Varonis. The substance of the programme is unchanged: long-form threat research your team can still drop into outbound and press.
Results
The practical outcome we optimised for was simple: a living backlog of credible URLs that teams could reuse without re-explaining the world from scratch every quarter. Outbound could paste a link after a call. Comms could brief journalists with a primary source. Events could point to published work instead of slide-only proof.
The same articles became artefacts sales and marketing could hand to people who do not live in phishing forums: a stable way to say “here is how we think about the problem” without improvising a new narrative every week. Cyberou’s scope on this programme was the written piece: structure, sourcing discipline, and language that still read like SlashNext.
After SlashNext joined Varonis, legacy slashnext.com article URLs began forwarding to Varonis. If you are evaluating this case study today, read the live canonical posts on Varonis and treat this page as the narrative of how that library was built, not a guarantee of which URL bar you will see in five years.
Where to read it
- WormGPT: The Generative AI Tool Cybercriminals Are Using to Launch BEC Attacks · Varonis blog (canonical home for this SlashNext-era piece)
- Varonis email security · product hub for the combined SlashNext + Varonis story