A sophisticated phishing campaign involves multi-stage attacks combining social engineering and modified open-source tools to compromise Windows systems. Active since March 2025, it employs deceptive tactics to execute malicious code, utilizing a customized version of the Havoc framework. Attackers exploit Microsoft SharePoint for command-and-control communications, complicating detection, and support various commands for data exfiltration and lateral movement.

Are organisations leaving non-technical teams exposed in a cyber crisis? – The AI Journal
Are organisations leaving non-technical teams exposed in a cyber crisis? The AI Journal


