Earth Preta’s phishing chains now deploy ToneShell loaders for encrypted C&C and stealth persistence. The ER7 analysis outlines detection strategies: research.trendmicro.com/4aX1…

APT Analysis: Mustang Panda & ToneShell #MustangPanda #ToneShell #APT #CyberSecurity #ThreatIntel #MalwareAnalysis #Rootkit #امنیت_سایبری #تهدیدات_سایبری #تحلیل_بدافزار 1/6

#Analytics #Threat_Research An analytical review of the main cybersecurity events for the week (Dec.27 - Jan.03, 2026) 1⃣. Zero-Click Account Takeover on Prestashop dhakal-ananda.com.np/blogs/c… // Technical analysis of CVE-2025-61922 leading to zero-click account takeover in PrestaShop Checkout < 5.0.5 2⃣. Nuclei v3.6.2 github.com/projectdiscovery/… 3⃣. Endpoint Management Newsletter - December 1-21, 2025 danielengberg.com/newsletter… // This edition is a year-end roundup, focusing less on individual updates and more on what mattered for endpoint admins during the year, and what is worth carrying into 2026 4⃣. Azure RBAC Role Assignment Audit & Drift Detection Tool github.com/Logisek/EvilMist/… // script provides comprehensive Azure RBAC role assignment auditing across all accessible tenants and subscriptions, with baseline export and drift detection capabilities. It helps identify unauthorized changes to role assignments by comparing current Azure state against a known-good baseline 5⃣. The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor securelist.com/honeymyte-ker… 6⃣. tcpdump 4.99.6 tcpdump.org/ libpcap 1.10.6 tcpdump.org/release/libpcap-…

🚦Guilty Pleas for BlackCat ransomware insiders, Major Malware Arrests, Chinese State Backdoor Rootkit Activity, and Trust Wallet Crypto Theft Drains Thousands of Wallets 🚦 This week in cyber: The Good, the Bad & the Ugly ⬇️ ✅ GOOD • Two ex-security practitioners plead guilty for BlackCat ransomware attacks. • Malware distributor behind 2.8M clipper downloads arrested. • Former Coinbase support agent arrested for aiding hackers. ⚠️ BAD • Chinese state-aligned hackers use rootkit to hide ToneShell malware activity. 🤢 UGLY • Compromised Trust Wallet extension update leads to $7M crypto theft from ~2,600 wallets. Read the full recap → s1.ai/GBU9-Wk1

Advanced Rootkit Used to Conceal ToneShell Malware in Targeted Cyberespionage Attacks cysecurity.news/2025/12/adva… #cyberespionage #Kapersky #Kernel

Security Affairs: China-linked APT Mustang Panda was observed using a signed kernel-mode rootkit driver with embedded shellcode to deploy its ToneShell backdoor. securityaffairs.com/186318/s… @securityaffairs

ToneShellは中国系APTが使う長期潜伏型バックドア。低ノイズC2と高い隠蔽性で諜報活動を継続。最近はrootkit併用で不可視化も強化。検知＝既に深部侵害の可能性。#APT #ToneShell #CyberEspionage gbhackers.com/toneshell-malw…

HoneyMyte (aka Mustang Panda) Deploys ToneShell Backdoor in New Attacks hackread.com/honeymyte-musta…

Mustang Panda deploys ToneShell via signed kernel-mode rootkit driver securityaffairs.com/186318/s…

HoneyMyte aka Mustang Panda is using a signed rootkit to drop the #ToneShell backdoor in ongoing attacks, hiding its activity from security tools and giving attackers remote access to system. Read: hackread.com/honeymyte-musta… #CyberSecurity #HoneyMyte #MustangPanda #Malware

@kaspersky @KasperskyLabIT @e_kaspersky #Mustang #Panda deploys ToneShell via signed kernel-mode #rootkit driver securityaffairs.com/186318/s… #securityaffairs #hacking #china #malware

🔒 Breaking: Chinese state‑backed APT deployed a kernel‑mode rootkit to mask the ToneShell backdoor in recent attacks on government agencies. #CyberThreat #InfoSec

Chinese state hackers use rootkit to hide ToneShell malware activity bleepingcomputer.com/news/se…

Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor reddit.com/r/InfoSecNews/com…

HoneyMyte (aka Mustang Panda) use kernel-mode rootkit of ToneShell in their recent campaign in South East Asia. Article by @NoushinShbb securelist.com/honeymyte-ker…

Mustang Panda deploys a signed kernel-mode rootkit to load the TONESHELL backdoor, targeting Asian government systems with stealthy driver hooks, reverse shell, and downloader capabilities. #MustangPanda #KernelRootkit #Asia ift.tt/PQK7hqs

China linked group, known for targeting governments and NGOS worldwide, gets accused of deploying Backdoor malware called the ToneShell @Mohammed11Saleh brings you this report

The #HoneyMyte APT (aka #MustangPanda) evolves with a kernel-mode rootkit and a ToneShell backdoor. securelist.com/honeymyte-ker…

هاكرز صينيون يستخدمون Rootkit لإخفاء نشاط برمجية التجسس ToneShell ara.tv/6555m