Over 766 Next.js Hosts Compromised in Major Credential Theft Due to Vulnerability
Security

Over 766 Next.js Hosts Compromised in Major Credential Theft Due to Vulnerability

Over 766 hosts across various cloud providers have been compromised by UAT-10608, exploiting a critical React vulnerability to harvest sensitive credentials at scale.

Editorial
Editorial Staff
1 hour ago 1 min read
NeboAI I summarize the news with data, figures and context
IN 30 SECONDS

35 sec read time You saved ~1 min
IN 1 SENTENCE

SENTIMENT
Neutral

𒀭
NeboAI is working, please wait...
Preparing detailed analysis
Quick summary completed
Extracting data, figures and quotes...
Identifying key players and context
DETAILED ANALYSIS
SHARE
Was this helpful?

NeboAI produces automated editions of journalistic texts in the form of summaries and analyses. Its experimental results are based on artificial intelligence. As an AI edition, texts may occasionally contain errors, omissions, incorrect data relationships and other unforeseen inaccuracies. We recommend verifying the content.

© NeboAI 2025 About Nebo

A significant credential harvesting campaign has been identified, targeting vulnerabilities in Next.js applications. Cisco Talos attributes this operation to a threat group known as UAT-10608, which has compromised at least 766 hosts across various regions and cloud platforms.

This operation exploits a critical flaw, designated as CVE-2025-55182, in React Server Components, allowing attackers to gain initial access. Once inside, the group deploys a sophisticated multi-phase harvesting framework named NEXUS Listener through a dropper, enabling the extraction of sensitive information such as SSH private keys, AWS secrets, and API credentials.

Security experts Asheer Malhotra and Brandon White noted that this threat cluster utilizes automated scripts to extract and exfiltrate data, which is then sent to a command-and-control server featuring a web-based interface. This interface provides operators with analytical insights and access to the stolen credentials, indicating a highly organized and automated approach to the attacks.

Tags: react2shell credential harvesting cybersecurity next.js cisco talos cloud security
Want to read the full article? Access the original article with all the details.
Read Original Article
TL;DR

This article is an original summary for informational purposes. Image credits and full coverage at the original source. · View Content Policy

Editorial
Editorial Staff

Our editorial team works around the clock to bring you the latest tech news, trends, and insights from the industry. We cover everything from artificial intelligence breakthroughs to startup funding rounds, gadget launches, and cybersecurity threats. Our mission is to keep you informed with accurate, timely, and relevant technology coverage.

5970 articles →

Related Articles

Law Enforcement Agencies Brace for Fallout from FBI's Major Cyber Incident Warning

Avast Premium offers budget-friendly antivirus solution with smart features for users

Mythos Model by Anthropic Raises Alarms Over Potential Cybersecurity Threats

EU Faces Escalating Cyber Threats: Key Impacts on Security and Economy Revealed

SAGE AI Governance Engine from Rubrik Promises to Revolutionize Data Security Strategies

EU Officials Face Security Crisis as Signal Group Chat is Disbanded Amid Hacking Concerns

Seceon's New AI Threat Detection Software Promises Enhanced Security for Businesses Now

Phishing Attacks Surge 450% as Cybercriminals Leverage AI for Greater Impact

Hasbro faces significant disruption after cyberattack, recovery could take weeks
Press Enter to search or ESC to close