Security News Mustang Panda Uses Signed Kernel Driver to Install TONESHELL Backdoor TheHackerNews Daniel Bender 30 Dec 2025 Mustang Panda deployed TONESHELL via a signed kernel-mode rootkit, targeting Asian government networks and evading security tools.
