Chinese hacker organization Mustang Panda, suspected of being state-sponsored, has carried out a major cyberattack impacting at least 170 countries, according to the FBI and the Justice Department. The group used malware called PlugX to gain access to thousands of computers globally. In response, the FBI has launched a multi-month law enforcement operation to combat the malware. The removal of the malware from infected devices is being spearheaded by French authorities.

Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457)
A suspected Chinese advanced persistent threat (APT) group exploited CVE-2025-22457, a previously unexploitable buffer overflow bug, to compromise devices running Ivanti Connect Secure (ICS) and