Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Microsoft Ignite 2025 delivered big news for security professionals. The theme this year is clear: Microsoft is giving customers more capability inside the tools they already own, focused on AI agents and integrations. Whether you are a small IT team, a mid-market group, or a global enterprise, these updates can transform your security posture.

BlueVoyant’s Threat Fusion Cell and SOC have been tracking a significant and persistent social engineering campaign that cleverly exploits trusted communication channels to gain initial access to target networks. Since at least mid-October 2025, BlueVoyant has observed a consistent playbook where threat actors employ inbox sabotage as a pretext for highly convincing IT support impersonation over Microsoft Teams.

BlueVoyant’s Threat Fusion Cell (TFC) and Security Operations Center (SOC) have uncovered a cyber campaign that signals a concerning evolution in the threat landscape: the rise of the "LLM-Enabled Developer." In-depth analysis suggests the actor behind an ongoing ClickFix campaign leveraged publicly documented advanced attack chains, powered by AI-generated code, to deploy a less sophisticated, but capable Node.js RAT.