A recent intrusion beginning in August 2025 revealed China-nexus threat actors using a technique called log poisoning to deploy a China Chopper web shell on vulnerable web servers. The attackers used AntSword for control and introduced a lesser-known tool, Nezha, to run commands and later deploy Ghost RAT. This marks the first known use of Nezha in web compromises....