Critical

Hackers exploit React2Shell in automated credential theft campaign

BleepingComputer
Actively Exploited

Overview

Hackers are actively exploiting a vulnerability known as React2Shell (CVE-2025-55182) to automate the theft of user credentials from Next.js applications. This attack targets systems that have not been updated or patched against this specific vulnerability, making them susceptible to unauthorized access. Researchers have observed that this campaign is widespread, indicating that many developers using vulnerable versions of Next.js may be at risk. The implications are significant, as stolen credentials can lead to account takeovers and further breaches within organizations. Companies using Next.js should prioritize updating their applications to mitigate this threat and protect user data.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Next.js applications vulnerable to React2Shell (CVE-2025-55182)
  • Action Required: Developers should update Next.
  • Timeline: Newly disclosed

Original Article Summary

Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps. [...]

Impact

Next.js applications vulnerable to React2Shell (CVE-2025-55182)

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Developers should update Next.js applications to the latest version that addresses the React2Shell vulnerability. Regularly check for security updates and apply patches as they become available to prevent exploitation.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to CVE, Exploit, Vulnerability.

Related Coverage

New Spirals ransomware encrypts victim network in under 24 hours

BleepingComputer

A new ransomware group called Spirals has demonstrated a rapid and aggressive approach to cyberattacks by completing a corporate intrusion in less than 24 hours. This includes gaining initial access, stealing data, and encrypting systems. Organizations that fall victim to Spirals could face significant data loss and operational disruption, making it crucial for companies to enhance their cybersecurity measures. The speed of these attacks raises concerns about the effectiveness of current security protocols, as attackers can bypass defenses much quicker than many organizations can respond. Companies need to stay vigilant and ensure they have robust incident response plans in place to mitigate the risks posed by such fast-moving threats.

Jul 16, 2026

SANS Warns of AI Governance Gap as Use by Security Teams Surges

Infosecurity Magazine

The SANS Institute has raised concerns about the lack of governance frameworks surrounding the increasing use of artificial intelligence (AI) by security teams. Despite the rapid adoption of AI tools, many organizations do not have established programs to oversee their use, which could lead to failures or vulnerabilities in security practices. As AI continues to evolve, the risks associated with its misuse or mismanagement are likely to grow, potentially exposing sensitive data or systems to threats. This situation calls for companies to prioritize the development of governance strategies to ensure that AI technologies are applied safely and effectively in cybersecurity efforts.

Jul 16, 2026

F5 Patches Multiple NGINX, BIG-IP Vulnerabilities

SecurityWeek

F5 has issued patches for several vulnerabilities found in its NGINX and BIG-IP products. These vulnerabilities could allow attackers to manipulate configurations, restart or terminate processes, cross security boundaries, leak sensitive memory information, and execute arbitrary code. Organizations using these products are at risk if they do not apply the updates promptly. The potential impact on system integrity and security is significant, making it crucial for affected users to act quickly to protect their environments. Keeping software up to date is essential in mitigating these risks and ensuring ongoing security.

Jul 16, 2026

China’s Top Cybersecurity Firms Hit by Mounting Military Procurement Bans

SecurityWeek

Chinese cybersecurity firms are facing increasing restrictions from the military regarding procurement. This action is not related to any product failures but appears to be part of a broader strategy by the military to control and limit the involvement of these companies in defense-related contracts. The bans could impact the operations and financial stability of these firms, which play a significant role in China's cybersecurity landscape. As the military tightens its grip, it raises questions about the future of collaboration between the state and private cybersecurity entities. This situation could lead to a realignment in the industry as companies adjust to these new limitations.

Jul 16, 2026

OpenAI’s GPT-Red Automates Prompt Injection Testing to Harden GPT-5.6 Sol

The Hacker News

OpenAI has introduced GPT-Red, an automated red-teaming model designed to identify and address prompt injection vulnerabilities in its AI systems, particularly GPT-5.6. The model acts as a robust adversary to help developers discover weaknesses before the AI tools are widely released. OpenAI acknowledges that previous versions of their models are susceptible to attacks that exploit these vulnerabilities. By using GPT-Red for adversarial training, the company aims to enhance the security of its AI products, ensuring they are less prone to exploitation. This proactive approach is significant as it helps prevent potential misuse of AI technologies, which could lead to serious security issues and misinformation.

Jul 16, 2026

Old UEFI Shims Expose Systems to Secure Boot Bypass

SecurityWeek

Researchers have identified vulnerabilities in older UEFI shim bootloaders signed by Microsoft, which could allow attackers to bypass Secure Boot protections on affected systems. This issue is significant because it affects a wide range of devices, regardless of the operating system they run. Essentially, if a device uses these outdated bootloaders, it may be at risk of being compromised. The implications are serious, as Secure Boot is designed to ensure that only trusted software runs during the system's startup process. Users and organizations should review their systems for these vulnerabilities and take appropriate action to mitigate the risks.

Jul 16, 2026