VulnHub

Real-time Cybersecurity News

Hackers exploit React2Shell in automated credential theft campaign

BleepingComputer
Actively Exploited
CVEExploitVulnerability

Overview

Hackers are actively exploiting a vulnerability known as React2Shell (CVE-2025-55182) to automate the theft of user credentials from Next.js applications. This attack targets systems that have not been updated or patched against this specific vulnerability, making them susceptible to unauthorized access. Researchers have observed that this campaign is widespread, indicating that many developers using vulnerable versions of Next.js may be at risk. The implications are significant, as stolen credentials can lead to account takeovers and further breaches within organizations. Companies using Next.js should prioritize updating their applications to mitigate this threat and protect user data.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Next.js applications vulnerable to React2Shell (CVE-2025-55182)
  • Action Required: Developers should update Next.
  • Timeline: Newly disclosed

Original Article Summary

Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps. [...]

Impact

Next.js applications vulnerable to React2Shell (CVE-2025-55182)

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Developers should update Next.js applications to the latest version that addresses the React2Shell vulnerability. Regularly check for security updates and apply patches as they become available to prevent exploitation.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to CVE, Exploit, Vulnerability.

Read Original Article

Related Coverage

BrowserGate: LinkedIn Tracks 6,000+ Browser Extensions on Users’ PCs

Hackread – Cybersecurity News, Data Breaches, AI and More

LinkedIn is facing scrutiny after a report revealed that it tracks over 6,000 browser extensions installed on users' devices. This practice raises serious privacy concerns, as many users may not be aware that their browsing habits could be monitored through these extensions. The BrowserGate report emphasizes that such extensive tracking can lead to potential misuse of personal data. Users of LinkedIn, especially those who rely on various browser extensions for productivity, should be aware of this issue and consider the implications for their privacy. The situation calls for a closer examination of data collection practices by major platforms and how they handle user consent.

Apr 5, 2026

Axios npm hack used fake Teams error fix to hijack maintainer account

BleepingComputer

The Axios HTTP client development team reported that one of their developers fell victim to a social engineering attack, likely orchestrated by North Korean hackers. The attackers used a fake Teams error message to gain access to the maintainer's account, which allowed them to compromise the project. This incident raises concerns about the security of widely-used open-source software, as it demonstrates how easily social engineering tactics can lead to significant breaches. Users and developers of Axios should be aware of these tactics and implement stronger security measures to protect their accounts and projects. The incident serves as a reminder of the persistent threat posed by state-sponsored hacking groups.

Apr 4, 2026

Qilin ransomware group claims the hack of German political party Die Linke

Security Affairs

The Qilin ransomware group has claimed responsibility for a data breach involving Die Linke, a left-wing political party in Germany. The group announced that they have stolen sensitive data from the party and are threatening to make it public unless their demands are met. While Die Linke has confirmed that the incident occurred, they have stated that there was no breach of their systems. This incident raises concerns about the cybersecurity of political organizations, especially given the sensitive nature of the data involved. The threat of public data leaks can have serious implications for political entities, affecting both their reputation and operational integrity.

Apr 4, 2026

European Commission breach exposed data of 30 EU entities, CERT-EU says

Security Affairs

A breach involving the European Commission's cloud infrastructure has resulted in the exposure of sensitive data from at least 30 EU entities. The incident was linked to the TeamPCP hacking group, which is known for targeting various organizations. CERT-EU, the Computer Emergency Response Team for the EU, confirmed this breach and made the information public on March 27. This incident raises significant concerns about the security of sensitive government data and the potential for further exploitation of the exposed information. Organizations within the EU must assess their security measures to prevent similar breaches in the future.

Apr 4, 2026

Inconsistent Privacy Labels Don't Tell Users What They Are Getting

darkreading

The article discusses the shortcomings of data privacy labels for mobile apps, emphasizing that while the concept is beneficial, the current implementations fail to provide clear and useful information to users. Researchers found that inconsistencies in how these labels are presented can lead to confusion about what data is collected and how it is used. This lack of clarity can affect user trust and decision-making regarding app downloads. The article calls for improvements in the labeling process to ensure users are better informed about their privacy. Ultimately, enhancing these labels is crucial for protecting user data and fostering a safer digital environment.

Apr 3, 2026

Stryker back online after cyberattack

SCM feed for Latest

Stryker, a prominent medical device manufacturer in the U.S., has announced that it has fully resumed operations after a cyberattack attributed to the Iran-linked hacktivist group Handala. The attack, which occurred three weeks ago, resulted in the wiping of several of Stryker's systems, disrupting its operations. This incident raises concerns about the security of critical healthcare infrastructure, as such attacks can impact patient care and safety. Stryker's swift recovery is a positive sign, but it highlights the ongoing risks that companies in the healthcare sector face from cyber threats. As the industry becomes more reliant on digital systems, securing these networks is increasingly crucial.

Apr 3, 2026