The FBI, in collaboration with international partners, successfully deleted “PlugX” malware from infected computers globally. The Chinese government-funded hacking group, “Mustang Panda,” that used a version of PlugX to steal information was behind the scams. Leading the operation were French law enforcement and French cybersecurity firm Sekoia.io. The removal of the malware from about 4,258 US-based computers was authorized by the Justice Department. The FBI continues to investigate Mustang Panda’s activities.

Mandiant warns of attacks on newly-disclosed Ivanti remote takeover threat
Google’s Mandiant team has issued an alert about a remote code execution flaw in the Ivanti Connect Secure VPN platform. The vulnerability, designated CVE-2025-22457, is