A large-scale credential harvesting operation has been observed, exploiting the React2Shell vulnerability, also known as CVE-2025-55182, to steal sensitive information from 766 Next.js hosts.
The attackers have been able to obtain database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens, highlighting the severity of the breach.
The exploitation activity has been attributed to a threat cluster tracked by Cisco Talos, one that has been linked to various malicious campaigns in the past.
The exploitation of CVE-2025-55182 is particularly concerning, given the widespread use of Next.js and the potential for further breaches if left unpatched.
Organizations should patch affected Next.js deployments without delay and verify that the secrets listed above have not already been exposed.
As the threat landscape continues to evolve, staying informed about vulnerabilities such as CVE-2025-55182 is crucial for maintaining a robust cybersecurity posture and preventing large-scale credential harvesting operations.
