700+ Next.js hosts hit in React2Shell campaign as attackers steal cloud and database secrets

A large-scale credential theft campaign has compromised more than 700 internet-facing hosts by exploiting React2Shell, the remote code execution flaw tracked as CVE-2025-55182. Cisco Talos says the operation, which it tracks as UAT-10608, uses the bug to break into vulnerable web applications and then run an automated script that steals secrets from the server. The […] The post 700+ Next.js hosts hit in React2Shell campaign as attackers steal cloud and database secrets appeared first on VPN Central.