Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

BlueVoyant’s Threat Fusion Cell (TFC) and Security Operations Center (SOC) researchers have uncovered a recent cyber campaign featuring a unique twist on fake browser updates. This attack leveraged the GrimResource vulnerability and delivered the PureLogs stealer malware to targeted environments through disguised Microsoft Management Console (MSC) files.

If your organization has a Microsoft Azure Consumption Commitment (MACC), you’re already on the path to optimizing cloud spend. But are you making the most of it? MACC isn’t just a budgeting tool, it’s a strategic advantage. By transacting eligible solutions through the Azure Marketplace, you can decrement your commitment while accelerating your cloud security and operations. That’s where BlueVoyant comes in.

BlueVoyant investigated the latest Oyster malware attacks, delivered in a widespread campaign targeting IT professionals by impersonating legitimate IT tools. The campaign was originally discovered by outside researchers, but when BlueVoyant’s SOC observed suspicious behavior in a client environment within the healthcare sector, the team, including the Threat Fusion Cell (TFC), decided to delve deeper.

A recent investigation by BlueVoyant’s threat analysts has uncovered a sophisticated phishing campaign exploiting the Weebly.com platform to create fraudulent websites targeting small to mid-sized banks and financial institutions across the United States. This campaign stands out for its widespread scale and diffusion. Over the past few months, BlueVoyant has identified hundreds of phishing websites targeting more than 200 American banks and financial institutions.

As organizations rapidly embrace generative AI tools like Microsoft 365 Copilot to boost productivity and innovation, a critical question emerges: Is your data fully protected against today's accelerating and deepening threat landscape? The integration of generative AI tools (such as Microsoft 365 Copilot) into daily workflows brings unprecedented opportunities to enhance productivity. Yet equally unprecedented risks to your organization's most sensitive information.

The BlueVoyant Security Operations Center (SOC) recently responded to a client’s user accessing a potentially malicious link that further research identified as part of a recent, robust campaign aimed at stealing Twilio SendGrid credentials. The attack was investigated by BlueVoyant’s Threat Fusion Cell (TFC) to understand how it can bypass email filters, and how it likely targeted IT departments.

BlueVoyant Threat Fusion Cell (TFC) researchers recently investigated a ClickFix attack with unique aspects. The attack began when a user for a UK-based organization navigated to a restaurant’s website for reservations, which they reportedly had used extensively in the past to conduct business meetings and corroborated in the logs.

The first half of 2025 has been a period of disruption and realignment within the ransomware ecosystem. Following years of dominance by a few key players, the landscape has fragmented into a chaotic and highly competitive market defined by new leaders, divergent attack strategies, and a laser focus on high-pressure targets. In total, more than 3,000 ransomware incidents were recorded in the first six months of the year. The overall threat has not diminished; it has become more unpredictable.

In our 1,200-plus Sentinel deployments, we've seen the same pattern play out repeatedly. Security teams forced to choose between comprehensive visibility and manageable costs. Logs getting aged out just when they become most valuable for investigations. Compliance requirements colliding with retention budgets. The pressure to do more with less doesn't come with a pause button. And until now, that pressure has meant making hard choices about what security data to keep and what to let go.