The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Multiple Threat Actors Leveraging CVE-2025-55182 (React2Shell)

Dec 19, 2025 1:24:26 PM / by The Hivemind posted in Threat Bulletin, Linux backdoor, post-exploitation activity, CVE-2025-55182, React RCE, Next.js vulnerability, KSwapDoor backdoor, Cobalt Strike Linux, EtherRAT

0 Comments

Verticals Targeted: Technology
Regions Targeted: Unspecified
Related Families: KSwapDoor, EtherRAT, Noodle RAT, SNOWLIGHT, VShell, Cobalt Strike, XMRig, Mirai, Others

Read More

Plague Linux Backdoor

Aug 15, 2025 11:28:22 AM / by The Hivemind posted in Threat Hunting, Threat Bulletin, PAM malware, stealthy authentication bypass, Linux backdoor, XOR obfuscation, SSH persistence, Linux security

0 Comments

Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: None

Executive Summary

Researchers have uncovered Plague, a previously undetected Linux backdoor masquerading as a malicious Pluggable Authentication Module (PAM) to enable persistent SSH access and authentication bypass. This implant's layered obfuscation and environment tampering allow it to evade detection, persisting across system updates with minimal forensic traces.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More