Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

bluevoyant

GrayZone Platform

Feb 18, 2026 By Thomas Elkins and Joshua Green In BlueVoyant
BlueVoyant analyzed a sophisticated and extensive campaign that leverages corporate shell companies, professional infrastructure, and code-signing certificates to distribute potentially unwanted applications (PUAs). This operation has established a persistent, platform-like foothold on user systems through software that presents a façade of corporate legitimacy. It combines continuous system access with ongoing data collection.
Read Post
Featured Post
AI in the SOC: Why Complete Autonomy Is the Wrong Goal

AI in the SOC: Why Complete Autonomy Is the Wrong Goal

Feb 17, 2026 By Dan Petrillo, VP of Product In BlueVoyant
As artificial intelligence (AI) becomes more deeply embedded in security operations, a divide has emerged in how its role is defined. Some argue the security operations centre (SOC) should be fully autonomous, with AI replacing human analysts. Others believe that augmentation is the right path, using AI to support and extend existing teams. Augmentation probably reflects how SOCs operate in practice. It helps analysts triage alerts, investigate incidents faster, and it brings better context into their work, while still ensuring humans are accountable for decisions.
Read Post
bluevoyant

Dangling DNS Is Off the Hook

Feb 2, 2026 By Lorri Janssen-Anessi In BlueVoyant
If your organization uses public cloud services or frequently spins up short‑lived web assets, there’s a good chance you already have at least one "dangling"DNS record. It's surprisingly easy to create one, and even easier to forget it exists. But a single forgotten record can give attackers a ready-made subdomain to host phishing pages, allow them to plant malware, or hijack your brand's reputation–without ever touching your infrastructure.
Read Post
bluevoyant

Operation Repo Ruse

Jan 15, 2026 By Thomas Elkins and Joshua Green In BlueVoyant
BlueVoyant Security Operations Center (SOC) and Threat Fusion Cell (TFC) researchers identified an active campaign by the prolific threat actor Rift Brigantine (a.k.a. TA505, FIN11, and Graceful Spider). In this iteration, the actor is leveraging fraudulent GitHub repositories to distribute malicious batch script installers masquerading as legitimate IT and security software, including Microsoft Remote Desktop Connection Manager (RDCMan) and Palo Alto Networks GlobalProtect.
Read Post
bluevoyant

AI in the SOC

Jan 13, 2026 By Dan Petrillo In BlueVoyant
Gartner frames the AI SOC landscape as a dichotomy: providers pursuing full SOC replacement versus those building AI products to augment existing staff. Of these two approaches, only augmentation aligns with real-world security operations. It helps analysts triage alerts, investigate faster, enrich context, and summarize incidents with better consistency, all while keeping humans in the loop, even if their day-to-day efforts change.
Read Post
Featured Post
From Spend to Impact: Fixing the Disconnect in U.K. Supply Chain Security

From Spend to Impact: Fixing the Disconnect in U.K. Supply Chain Security

Jan 7, 2026 By Robert Hannigan, Chairman of International Business In BlueVoyant
In today's hyperconnected economy, supply chains are no longer just operational backbones; they are strategic lifelines, shaping resilience, competitiveness, and innovation across industries. Yet for many U.K. organisations, these lifelines are becoming increasingly fragile. The most recent iteration of our global supply chain defence research indicates that - despite pouring significant resources into third party risk management (TPRM) programs and embracing new technologies to shore up their supply chain defences - U.K. businesses continue to face a high rate of supply chain breaches.
Read Post
bluevoyant

Getting the Right People to the Table

Dec 10, 2025 By Tara Ragan and James Hart In BlueVoyant
Implementing Microsoft Purview is not just an IT project – it’s a company-wide transformation that touches nearly every aspect of how your organization manages, protects, and governs data. Success requires aligning diverse perspectives and building consensus across teams. The initial push for Purview can come from many departments. If you are leading the effort, identifying who needs to be involved and understanding why their input matters will be key to driving buy-in and long-term success.
Read Post
bluevoyant

Fake SAP Concur Extensions Deliver New FireClient Malware Variant

Dec 4, 2025 By Joshua Green and Thomas Elkins In BlueVoyant
The BlueVoyant Security Operations Center (SOC) and Threat Fusion Cell (TFC) team are tracking an adversary luring users into downloading fake Concur browser extensions. The fake browser extension installer contains a FireClient Loader designed to gather host information and send to its command and control (C2) server. If execution succeeds with successful communication to the C2, the loader drops a backdoor BlueVoyant is naming FireClient Backdoor.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.