A recent large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability, tracked as CVE-2025-55182, as its initial infection vector to steal sensitive information.
The attackers have successfully breached 766 Next.js hosts, resulting in the theft of database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale.
The operation has been attributed to a threat cluster tracked by Cisco Talos, underscoring the severity of the vulnerability and the importance of patching it.
The exploitation of CVE-2025-55182 carries significant implications for organizations running Next.js, emphasizing the need for proactive security measures to prevent credential harvesting and protect sensitive data.
As the threat landscape continues to evolve, organizations should stay informed about newly disclosed vulnerabilities such as React2Shell to preserve the security and integrity of their systems and data.
