The China-linked Mustang Panda APT has been using a kernel-mode rootkit in attacks leading to ToneShell backdoor deployments.
A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations.
To defend against the new attacks, the researchers advise memory forensics as the number one way of spotting ToneShell infections. They also shared a list of indicators of compromise (IoC) which can ...
Microsoft's secret patch fixes 8-Year LNK zero-day exploited by hackers
Cybersecurity experts warn of a stealthy Microsoft patch addressing a long-exploited Windows LNK zero-day ...
Microsoft has quietly rolled out a partial mitigation for the high-severity Windows LNK vulnerability, CVE-2025-9491, which multiple state-sponsored groups and cybercrime gangs have been exploiting as ...
Microsoft issues unannounced patch for zero-day LNK vulnerability used in real-world attacks
Cybersecurity experts warn of a stealthy Microsoft patch addressing a long-exploited Windows LNK zero-day vulnerability, CVE-2025-9491, now mitigated in November 2025 updates. Threat actors, including ...
Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company's November 2025 Patch Tuesday updates, according to ACROS Security's ...
Microsoft quietly issued a fix for a long-exploited Windows zero-day vulnerability in its November security updates, closing a loophole that experts say enabled state-sponsored hacking groups from ...
PlugX is a staple tool of Mustang Panda, which is also tracked as BASIN, Bronze President, Camaro Dragon, Earth Preta, HoneyMyte, RedDelta, Red Lich, Stately Taurus, TA416, and TEMP.Hex. It's known ...
Infosec in brief PLUS: Cyber-exec admits selling secrets to Russia; LastPass isn't checking to see if you're dead; Nation-state backed Windows malware; and more ...