Dark Reading

Phishers Wreak 'Havoc,' Disguising Attack Inside SharePoint

A complex phishing campaign is targeting Microsoft SharePoint accounts with malicious documents aimed at getting users to compromise themselves by deploying a PowerShell command. The attack is a ...
Infosecurity-magazine.com

Phishing Campaign Uses Havoc Framework to Control Infected Systems

A new phishing campaign leveraging the open-source Havoc command-and-control (C2) framework has been discovered. Attackers are using modified versions of Havoc Demon Agent alongside Microsoft Graph ...
Bleeping Computer

Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks

Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in "ToolShell" ...