Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

Published: 1 month ago (April 2, 2026 at 03:30 PM EDT)

1 min read

Source: The Hacker News

A large‑scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale. Cisco Talos has attributed the operation to a threat cluster it tracks.

Back to Blog

Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations

Overview An Iran‑nexus threat actor is suspected to be behind a password‑spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid t...

DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea

Threat actors likely associated with the Democratic People’s Republic of Korea DPRK have been observed using GitHub as command‑and‑control C2 infrastructure in...

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid‑2025, following a two‑year period of minimal targe...

The State of Trusted Open Source Report

In December 2025, we shared the first‑ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open‑source co...

Related posts

Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations

DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

The State of Trusted Open Source Report