Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

bluevoyant

Microsoft Purview Brings AI Readiness, Data Security, and Continuous Compliance

Mar 19, 2026 By Dan Petrillo In BlueVoyant
Microsoft Purview is a powerful platform, but power without expertise can lead to underutilization, misconfiguration, and missed opportunities. Across industries, organizations are grappling with a common set of challenges: The stakes are high. A single compliance incident can cost organizations between $100,000 and $5 million in fines and penalties. And that figure doesn't account for the reputational damage, operational disruption, and remediation costs that follow.
Read Post
Featured Post
Managing Persistent Exposure: Why APT Defence Requires a Strategic Shift

Managing Persistent Exposure: Why APT Defence Requires a Strategic Shift

Mar 17, 2026 By Lorri Janssen-Anessi, Director of External Cybersecurity Assessments In BlueVoyant
Most organisations are wellequipped to respond to visible cyber incidents such as ransomware attacks, service outages, alert surges, or public disclosures. These events trigger established response processes: there is a clear catalyst, an observable impact, and a defined operational playbook.
Read Post
bluevoyant

New A0Backdoor Linked to Teams Impersonation and Quick Assist Social Engineering

Mar 6, 2026 By Thomas Elkins and Joshua Green In BlueVoyant
BlueVoyant Security Operations Center (SOC) and Threat Fusion Cell (TFC) continue to track an activity cluster that uses email bombing and IT-support impersonation over Microsoft Teams to obtain Quick Assist access, then pivot to a deeper attack. This research shows that once on the victim’s host, the actors sideload a malicious DLL to deliver a new backdoor BlueVoyant has dubbed the A0Backdoor.
Read Post
bluevoyant

GrayZone Platform

Feb 18, 2026 By Thomas Elkins and Joshua Green In BlueVoyant
BlueVoyant analyzed a sophisticated and extensive campaign that leverages corporate shell companies, professional infrastructure, and code-signing certificates to distribute potentially unwanted applications (PUAs). This operation has established a persistent, platform-like foothold on user systems through software that presents a façade of corporate legitimacy. It combines continuous system access with ongoing data collection.
Read Post
Featured Post
AI in the SOC: Why Complete Autonomy Is the Wrong Goal

AI in the SOC: Why Complete Autonomy Is the Wrong Goal

Feb 17, 2026 By Dan Petrillo, VP of Product In BlueVoyant
As artificial intelligence (AI) becomes more deeply embedded in security operations, a divide has emerged in how its role is defined. Some argue the security operations centre (SOC) should be fully autonomous, with AI replacing human analysts. Others believe that augmentation is the right path, using AI to support and extend existing teams. Augmentation probably reflects how SOCs operate in practice. It helps analysts triage alerts, investigate incidents faster, and it brings better context into their work, while still ensuring humans are accountable for decisions.
Read Post
bluevoyant

Dangling DNS Is Off the Hook

Feb 2, 2026 By Lorri Janssen-Anessi In BlueVoyant
If your organization uses public cloud services or frequently spins up short‑lived web assets, there’s a good chance you already have at least one "dangling"DNS record. It's surprisingly easy to create one, and even easier to forget it exists. But a single forgotten record can give attackers a ready-made subdomain to host phishing pages, allow them to plant malware, or hijack your brand's reputation–without ever touching your infrastructure.
Read Post
bluevoyant

Operation Repo Ruse

Jan 15, 2026 By Thomas Elkins and Joshua Green In BlueVoyant
BlueVoyant Security Operations Center (SOC) and Threat Fusion Cell (TFC) researchers identified an active campaign by the prolific threat actor Rift Brigantine (a.k.a. TA505, FIN11, and Graceful Spider). In this iteration, the actor is leveraging fraudulent GitHub repositories to distribute malicious batch script installers masquerading as legitimate IT and security software, including Microsoft Remote Desktop Connection Manager (RDCMan) and Palo Alto Networks GlobalProtect.
Read Post
bluevoyant

AI in the SOC

Jan 13, 2026 By Dan Petrillo In BlueVoyant
Gartner frames the AI SOC landscape as a dichotomy: providers pursuing full SOC replacement versus those building AI products to augment existing staff. Of these two approaches, only augmentation aligns with real-world security operations. It helps analysts triage alerts, investigate faster, enrich context, and summarize incidents with better consistency, all while keeping humans in the loop, even if their day-to-day efforts change.
Read Post
Featured Post
From Spend to Impact: Fixing the Disconnect in U.K. Supply Chain Security

From Spend to Impact: Fixing the Disconnect in U.K. Supply Chain Security

Jan 7, 2026 By Robert Hannigan, Chairman of International Business In BlueVoyant
In today's hyperconnected economy, supply chains are no longer just operational backbones; they are strategic lifelines, shaping resilience, competitiveness, and innovation across industries. Yet for many U.K. organisations, these lifelines are becoming increasingly fragile. The most recent iteration of our global supply chain defence research indicates that - despite pouring significant resources into third party risk management (TPRM) programs and embracing new technologies to shore up their supply chain defences - U.K. businesses continue to face a high rate of supply chain breaches.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.