A large-scale credential harvesting operation has been discovered, leveraging the React2Shell vulnerability, also known as CVE-2025-55182, to steal sensitive data from 766 Next.js hosts.

The attackers are using this vulnerability as an initial infection vector to gain access to a wide range of sensitive information, including database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens.

Cisco Talos, Cisco's threat intelligence and research group, has attributed the operation to a specific threat cluster, pointing to a coordinated campaign rather than opportunistic scanning.

React2Shell (CVE-2025-55182) has become a focal point for attackers seeking to breach Next.js hosts and harvest credentials, which makes prompt patching of affected deployments and a review of any secrets reachable from those hosts a priority.

Because the stolen material includes long-lived secrets such as SSH keys, cloud credentials and API tokens, organizations that were exposed should treat those secrets as compromised and rotate them, in addition to applying the fix.
