CYBERSIXT Signal Over Noise
securityonline.info 6/10/2026, 9:11:27 AM · external

Havoc Stager Uses Fake Invoices to Hit South American Firms

Havoc Stager Uses Fake Invoices to Hit South American Firms
CyberSIXT Evidence Panel
Primary Source levelblue.com
CVE Intel
CVE-2026-11645 - NVD CISA KEV due 2026-06-23 8.8 HIGH
CVE-2026-7473 - NVD CISA KEV due 2026-06-23 6.9 MEDIUM
CVE-2026-20245 - NVD CISA KEV due 2026-06-23 7.8 HIGH Patch Unknown
CISA KEV Listed in KEV
Patch Patch Available

THE content highlights three critical vulnerabilities detected today: CVE-2026-11645 (Google Chromium), CVE-2026-7473 (Arista Operating System), and CVE-2026-20245 (Cisco Catalyst). It focuses on a dangerous Havoc stager campaign exploiting fake electronic invoices to compromise corporate systems, particularly affecting businesses in South America. The campaign employs sophisticated tactics to deceive employees, using ZIP files that contain malicious scripts disguised as official documents.

The deception allows attackers to execute a multi-stage infection process and establish memory-resident backdoors that evade detection. Recommendations for defense include monitoring outbound network activity and auditing environment variables regularly to mitigate these threats.

View Primary Source Via securityonline.info

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline