A large-scale automated credential theft campaign is exploiting the React2Shell vulnerability (CVE-2025-55182) in Next.js applications. Attributed to threat cluster UAT-10608 by Cisco Talos, the operation compromised 766 hosts within 24 hours using a framework called NEXUS Listener. Stolen data includes AWS/GCP/Azure

From bleepingcomputer.com