React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors The security vulnerability known as React2Shell is being exploited by threat actors deliver malware families like KSwapDoor and ZnDoor , according findings from Palo Alto Networks Unit 42 NTT Security. "KSwapDoor a professionally engineered remote access tool designed with stealth in mind," Justin Moore, senior manager of intel research at 42, said statement. "It builds an internal mesh network, allowing compromised servers talk each other evade blocks. It uses military-grade encryption hide its communications and, most alarmingly, features 'sleeper' mode that lets attackers bypass firewalls waking the up secret, invisible signal." cybersecurity company noted it was previously mistakenly classified BPFDoor adding backdoor offers interactive shell, command execution, file operations, lateral movement scanning capabilities. also ... https://thehackernews.com/2025/12/react2shell-vulnerability-actively.html