Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials A large-scale credential harvesting campaign attributed to Cisco Talos cluster UAT-10608 exploits the React2Shell vulnerability in Next.js (CVE-2025-55182) to achieve remote code execution and deploy the NEXUS Listener framework that steals database credentials, SSH keys, cloud IAM tokens, API keys, and other secrets. At least 766 hosts across multiple regions and...

Hackers exploited CVE-2025-55182 (React2Shell) to breach 766 Next.js hosts, deploying NEXUS Listener to steal database credentials, SSH keys, and cloud tokens. Impact spans multiple regions and cloud providers. #NextjsBreach #CredentialTheft