HoneyMyte (aka Mustang Panda) Deploys ToneShell Backdoor in New Attacks
HoneyMyte (Mustang Panda) is back with a new ToneShell backdoor. Read how this stealthy attack blinds Microsoft Defender to target government entities in Asia.
Backdoor
The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor
Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.
Cloud Atlas activity in the first half of 2025: what changed
Kaspersky expert describes new malicious tools employed by the Cloud Atlas APT, including implants of their signature backdoors VBShower, VBCloud, PowerShower, and CloudAtlas.
Cisco email security appliances rooted and backdoored via still unpatched zero-day
A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November 2025, Cisco Talos researchers have shared. “Our analysis indicates that ap…
Fake Microsoft Teams and Google Meet Downloads Spread Oyster Backdoor
The Oyster backdoor (also known as Broomstick) is targeting the financial world, using malicious search ads for PuTTY, Teams, and Google Meet.
7 Year Long ShadyPanda Attack Spied on 4.3M Chrome and Edge Users
Koi Security exposes ShadyPanda, a group that used trusted Chrome/Edge extensions to infect 4.3 million users over 7 years for deep surveillance and corporate espionage.
7 Year Long ShadyPanda Attack Spied on 4.3M Chrome and Edge Users
Koi Security exposes ShadyPanda, a group that used trusted Chrome/Edge extensions to infect 4.3 million users over 7 years for deep surveillance and corporate espionage.
Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors
The extensions were seen profiling users, reading cookie data to create unique identifiers, and executing payloads with browser API access.
The post Chrome, Edge Extensions Caught Tracking Users, Creating Backdoors appeared first on SecurityWeek.
Cavalry Werewolf Hit Russian Government with New ShellNET Backdoor
Doctor Web uncovers a targeted cyberattack on a Russian government body by the Cavalry Werewolf group using a new ShellNET backdoor and Telegram-based control.
SesameOp Backdoor Abused OpenAI Assistants API for Remote Access
Microsoft researchers found the SesameOp backdoor using OpenAI’s Assistants API for remote access, data theft, and command communication.