Havoc: SharePoint with Microsoft Graph API turns into FUD C2
ID: 10ad5527-43ad-5089-b636-679b75dbb426
STIX ID: report--10ad5527-43ad-5089-b636-679b75dbb426
Feed Name: Fortinet Blog
FortiGuard Labs details a high-severity phishing campaign that uses a ClickFix HTML lure and multi-stage loaders (PowerShell -> Python shellcode loader -> KaynLdr) to deploy a modified Havoc Demon backdoor; the Havoc agent is altered to use Microsoft Graph API and SharePoint files for covert C2 communications, and the report includes technical analysis, mitigations, Fortinet detections, and IOCs.
