New Report Reveals Third-Party Risk Management's Next Chapter

After six years of tracking third-party risk management (TPRM) programs, one thing has become clear: having a program doesn't necessarily mean it's working. Our latest report, The State of Supply Chain Defense, reveals an interesting shift. Organizations are spending more than ever on securing their vendor ecosystem, with 95% planning to increase their budgets in the next year. Programs are maturing, with nearly half of surveyed organizations reporting established and optimized initiatives.

Top Security Insights You Need to Know from Microsoft Ignite 2025

Microsoft Ignite 2025 delivered big news for security professionals. The theme this year is clear: Microsoft is giving customers more capability inside the tools they already own, focused on AI agents and integrations. Whether you are a small IT team, a mid-market group, or a global enterprise, these updates can transform your security posture.

Email Bombing Followed by Teams IT Impersonation Attacks Continue

BlueVoyant’s Threat Fusion Cell and SOC have been tracking a significant and persistent social engineering campaign that cleverly exploits trusted communication channels to gain initial access to target networks. Since at least mid-October 2025, BlueVoyant has observed a consistent playbook where threat actors employ inbox sabotage as a pretext for highly convincing IT support impersonation over Microsoft Teams.

ClickFix to NodeJS RAT: An Ominous Sign

BlueVoyant’s Threat Fusion Cell (TFC) and Security Operations Center (SOC) have uncovered a cyber campaign that signals a concerning evolution in the threat landscape: the rise of the "LLM-Enabled Developer." In-depth analysis suggests the actor behind an ongoing ClickFix campaign leveraged publicly documented advanced attack chains, powered by AI-generated code, to deploy a less sophisticated, but capable Node.js RAT.

Navigating the Third-Party Minefield

The digital ecosystem of financial institutions is a complex web, intricately woven with the services of third-party providers. From cloud computing and AI solutions to critical IT managed services, these partnerships offer undeniable benefits – innovation, efficiency, and specialized expertise. However, as a recent, crucial letter from the New York Department of Financial Services (NYDFS) emphatically highlights, this reliance introduces significant, escalating cybersecurity risks.

Why Automotive Resilience Must Go Beyond Data Protection

The automotive sector has special resilience needs, given the large number of suppliers and vendors required to make increasingly advanced vehicles. Recent reported disruptions have spotlighted the issue and show the need for cyber resilience to improve physical resilience. This is especially important now as autumn is one of the peak periods for new car demand.

Advanced Banking Trojan Maverick Uses WhatsApp to Prey on Brazilian Users

The BlueVoyant Security Operations Center (SOC) and Threat Fusion Cell (TFC) researchers recently analyzed attacks by an adversary targeting users based in Brazil via WhatsApp. The attack lures users into downloading a zip archive. The zip archive contains a shortcut file (.lnk) that ultimately downloads and executes a banking trojan, which BlueVoyant researchers have internally dubbed Maverick based on the naming convention used by the attackers.

Faked Out: How a Fraud IRS Website Fueled a Sophisticated Remote Access Campaign

The BlueVoyant Security Operations Team (SOC) and Threat Fusion Cell (TFC) researchers recently analyzed a sophisticated phishing incident where a user was lured into visiting a fake IRS website to verify a “tax refund”. The scheme was initiated via a phishing email, leading the user to the fraudulent site.

BlueVoyant Adopts a New Naming Convention to Bring Clarity to Cyber Threat Analysis

The lack of a universal standard for naming threat actors often creates confusion in the cybersecurity community. The same threat actor can be identified by multiple aliases depending on the vendor or team tracking it. For example, a Russian government-sponsored cyber threat group is referred to alternatively as “APT29”, “Cozy Bear”, “Midnight Blizzard” and “Nobelium”.

Cyber Risk Monitoring for ISACs: An Innovative, Collaborative Approach to Third-Party Management

BlueVoyant recently announced its strategic partnership with the Automotive Information Sharing and Analysis Center (Auto-ISAC), the central organization for cybersecurity collaboration in the automotive industry. Information Sharing and Analysis Centers (ISACs) are important organizations that provide a central resource within a given sector for gathering, analyzing, and sharing information on cyber threats and vulnerabilities.