
New A0Backdoor Linked to Teams Impersonation and Quick Assist Social Engineering

BlueVoyant Security Operations Center (SOC) and Threat Fusion Cell (TFC) continue to track an activity cluster that uses email bombing and IT-support impersonation over Microsoft Teams to obtain Quick Assist access, then pivot to a deeper attack. This research shows that once on the victim’s host, the actors sideload a malicious DLL to deliver a new backdoor BlueVoyant has dubbed the A0Backdoor.

GrayZone Platform

BlueVoyant analyzed a sophisticated and extensive campaign that leverages corporate shell companies, professional infrastructure, and code-signing certificates to distribute potentially unwanted applications (PUAs). This operation has established a persistent, platform-like foothold on user systems through software that presents a façade of corporate legitimacy. It combines continuous system access with ongoing data collection.

AI in the SOC: Why Complete Autonomy Is the Wrong Goal

As artificial intelligence (AI) becomes more deeply embedded in security operations, a divide has emerged in how its role is defined. Some argue the security operations centre (SOC) should be fully autonomous, with AI replacing human analysts. Others believe that augmentation is the right path, using AI to support and extend existing teams. Augmentation probably reflects how SOCs operate in practice. It helps analysts triage alerts, investigate incidents faster, and it brings better context into their work, while still ensuring humans are accountable for decisions.

Dangling DNS Is Off the Hook

If your organization uses public cloud services or frequently spins up short-lived web assets, there's a good chance you already have at least one "dangling" DNS record. It's surprisingly easy to create one, and even easier to forget it exists. But a single forgotten record can give attackers a ready-made subdomain to host phishing pages, allow them to plant malware, or hijack your brand's reputation, without ever touching your infrastructure.

Operation Repo Ruse

BlueVoyant Security Operations Center (SOC) and Threat Fusion Cell (TFC) researchers identified an active campaign by the prolific threat actor Rift Brigantine (a.k.a. TA505, FIN11, and Graceful Spider). In this iteration, the actor is leveraging fraudulent GitHub repositories to distribute malicious batch script installers masquerading as legitimate IT and security software, including Microsoft Remote Desktop Connection Manager (RDCMan) and Palo Alto Networks GlobalProtect.

AI in the SOC

Gartner frames the AI SOC landscape as a dichotomy: providers pursuing full SOC replacement versus those building AI products to augment existing staff. Of these two approaches, only augmentation aligns with real-world security operations. It helps analysts triage alerts, investigate faster, enrich context, and summarize incidents with better consistency, all while keeping humans in the loop, even if their day-to-day efforts change.

From Spend to Impact: Fixing the Disconnect in U.K. Supply Chain Security

In today's hyperconnected economy, supply chains are no longer just operational backbones; they are strategic lifelines, shaping resilience, competitiveness, and innovation across industries. Yet for many U.K. organisations, these lifelines are becoming increasingly fragile. The most recent iteration of our global supply chain defence research indicates that, despite pouring significant resources into third-party risk management (TPRM) programs and embracing new technologies to shore up their supply chain defences, U.K. businesses continue to face a high rate of supply chain breaches.

Getting the Right People to the Table

Implementing Microsoft Purview is not just an IT project – it’s a company-wide transformation that touches nearly every aspect of how your organization manages, protects, and governs data. Success requires aligning diverse perspectives and building consensus across teams. The initial push for Purview can come from many departments. If you are leading the effort, identifying who needs to be involved and understanding why their input matters will be key to driving buy-in and long-term success.