Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

BlueVoyant Threat Fusion Cell (TFC) researchers recently investigated a ClickFix attack with unique aspects. The attack began when a user for a UK-based organization navigated to a restaurant’s website for reservations, which they reportedly had used extensively in the past to conduct business meetings and corroborated in the logs.

The first half of 2025 has been a period of disruption and realignment within the ransomware ecosystem. Following years of dominance by a few key players, the landscape has fragmented into a chaotic and highly competitive market defined by new leaders, divergent attack strategies, and a laser focus on high-pressure targets. In total, more than 3,000 ransomware incidents were recorded in the first six months of the year. The overall threat has not diminished; it has become more unpredictable.

In our 1,200-plus Sentinel deployments, we've seen the same pattern play out repeatedly. Security teams forced to choose between comprehensive visibility and manageable costs. Logs getting aged out just when they become most valuable for investigations. Compliance requirements colliding with retention budgets. The pressure to do more with less doesn't come with a pause button. And until now, that pressure has meant making hard choices about what security data to keep and what to let go.

The BlueVoyant SOC consistently monitors and analyzes threats within customers instances 24x7. One threat we have been tracking and observing has been a free-ware software known as RecipeLister. This software claims to provide users with the capabilities of viewing and downloading recipes in order to assist in the journey of staying healthy. While this capability was rather appetizing, we discovered there was more to be unpacked by this software.

As an enterprise organization leveraging Microsoft's comprehensive security ecosystem — including Sentinel, Defender XDR, Defender for Cloud, and Microsoft Security Copilot — you've established a robust security operation. However, the security landscape continuously evolves including your organization's changing business requirements and Microsoft's ongoing platform enhancements.

Look at any collection of top 10 organizational security concerns from recent years, and “third-party breaches” are consistently high on the list. These attacks have caused financial and reputational damage to every sector, from banks to healthcare systems to retail to governments. And the problem is growing. Recent statistics highlight just how severe the issue has become.