Security reporting

If you believe you have found a security vulnerability affecting this website (varnox.io) or systems operated by Varnox, please report it responsibly using the contact below. We do not operate a public bug bounty program; we still appreciate clear, actionable reports.

How to report

Email [email protected] with a concise description, steps to reproduce, and any relevant logs or screenshots. Please allow reasonable time for triage before any public disclosure.

Scope

In scope: issues on varnox.io (including the contact form), obvious misconfigurations that could affect visitors or data, and credentials or keys accidentally exposed in public repositories clearly tied to this site.

Out of scope: social engineering of staff or customers, denial-of-service requiring large botnets, spam, or issues in third-party services we do not control (report those vendors directly).

What we ask

• Do not access, modify, or delete user data beyond what is needed to demonstrate impact.
• Do not disrupt production services.
• Encrypt sensitive attachments if you must send them by email.

General inquiries should use the contact page, not the security address.