Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

BlueVoyant’s Threat Fusion Cell (TFC) observed a Bookingcom references relate solely to adversary brand impersonation.

Implementing Microsoft Purview is not just an IT project – it’s a company-wide transformation that touches nearly every aspect of how your organization manages, protects, and governs data. Success requires aligning diverse perspectives and building consensus across teams. The initial push for Purview can come from many departments. If you are leading the effort, identifying who needs to be involved and understanding why their input matters will be key to driving buy-in and long-term success.

The BlueVoyant Security Operations Center (SOC) and Threat Fusion Cell (TFC) team are tracking an adversary luring users into downloading fake Concur browser extensions. The fake browser extension installer contains a FireClient Loader designed to gather host information and send to its command and control (C2) server. If execution succeeds with successful communication to the C2, the loader drops a backdoor BlueVoyant is naming FireClient Backdoor.

After six years of tracking third-party risk management programs (TPRM), one thing has become clear: having a program doesn't necessarily mean it's working. Our latest The State of Supply Chain Defense report reveals an interesting shift. Organizations are spending more than ever on securing their vendor ecosystem, with 95% planning to increase their budgets in the next year. Programs are maturing, with nearly half of surveyed organizations reporting established and optimized initiatives.

Microsoft Ignite 2025 delivered big news for security professionals. The theme this year is clear: Microsoft is giving customers more capability inside the tools they already own, focused on AI agents and integrations. Whether you are a small IT team, a mid-market group, or a global enterprise, these updates can transform your security posture.

BlueVoyant’s Threat Fusion Cell and SOC have been tracking a significant and persistent social engineering campaign that cleverly exploits trusted communication channels to gain initial access to target networks. Since at least mid-October 2025, BlueVoyant has observed a consistent playbook where threat actors employ inbox sabotage as a pretext for highly convincing IT support impersonation over Microsoft Teams.

BlueVoyant’s Threat Fusion Cell (TFC) and Security Operations Center (SOC) have uncovered a cyber campaign that signals a concerning evolution in the threat landscape: the rise of the "LLM-Enabled Developer." In-depth analysis suggests the actor behind an ongoing ClickFix campaign leveraged publicly documented advanced attack chains, powered by AI-generated code, to deploy a less sophisticated, but capable Node.js RAT.

The digital ecosystem of financial institutions is a complex web, intricately woven with the services of third-party providers. From cloud computing and AI solutions to critical IT managed services, these partnerships offer undeniable benefits – innovation, efficiency, and specialized expertise. However, as a recent, crucial letter from the New York Department of Financial Services (NYDFS) emphatically highlights, this reliance introduces significant, escalating cybersecurity risks.

The BlueVoyant Security Operations Center (SOC) and Threat Fusion Cell (TFC) researchers recently analyzed attacks of an adversary targeting users based in Brazil via WhatsApp. The attack lures users into downloading a zip archive. The zip archive contains a shortcut file (.lnk) which ultimately downloads and executes a banking trojan which BlueVoyant researchers have dubbed Maverick internally based off the naming convention used by the attackers.