Chinese state hackers use rootkit to hide ToneShell malware activity

December 30, 2025

A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader