VulnHub

Real-time Cybersecurity News

Automated Credential Harvesting Campaign Exploits React2Shell Flaw

darkreading
Actively Exploited
Vulnerability

Overview

A new threat group known as UAT-10608 is targeting Next.js applications that are exposed on the web. They are using an automated tool to steal sensitive information such as user credentials and system secrets. This attack can affect any organization using vulnerable Next.js apps, potentially leading to significant data breaches and unauthorized access to systems. It's crucial for companies to assess their web applications for vulnerabilities, especially those related to the React2Shell flaw, to prevent such automated credential harvesting campaigns. The ongoing exploitation of this vulnerability emphasizes the need for timely security updates and monitoring of web applications.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Next.js applications, React2Shell vulnerability
  • Action Required: Organizations should patch their Next.
  • Timeline: Newly disclosed

Original Article Summary

An emerging threat cluster tracked as UAT-10608 is exploiting vulnerable Web-exposed Next.js apps and using an automated tool to exfiltrate credentials, secrets, and other system data.

Impact

Next.js applications, React2Shell vulnerability

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations should patch their Next.js applications against the React2Shell vulnerability and implement security best practices to protect against automated credential harvesting.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Vulnerability.

Read Original Article

Related Coverage

pcTattleTale stalkerware maker sentence includes fine, supervised release

CyberScoop

Bryan Fleming, the creator of the stalkerware application pcTattleTale, has been sentenced without prison time after pleading guilty to charges related to his software. Instead, he will face a fine and a period of supervised release. This case is notable as it represents one of the few successful prosecutions related to stalkerware in the United States, which is software designed to secretly monitor individuals without their consent. The implications of this case extend beyond Fleming, as it raises awareness about the legal ramifications for those who develop and distribute such invasive technologies. Users should be aware of the potential risks associated with stalkerware and the importance of privacy in the digital age.

Apr 6, 2026

Missile Alert Phishing Exploits Iran-US-Israel Conflict for Microsoft Logins

Hackread – Cybersecurity News, Data Breaches, AI and More

A new phishing scam is exploiting the ongoing conflict between Iran, the US, and Israel by sending out fake missile alerts to trick users into revealing their Microsoft login credentials. Attackers are using QR codes and counterfeit government emails to lure victims. This tactic is particularly concerning as it preys on the heightened anxiety surrounding geopolitical tensions, making users more susceptible to clicking on malicious links. The scam underscores the importance of vigilance regarding unsolicited communications, especially during times of crisis. Users are advised to verify the authenticity of any alerts before taking action, particularly those requesting sensitive information.

Apr 6, 2026

Google DeepMind Researchers Map Web Attacks Against AI Agents

SecurityWeek

Researchers at Google DeepMind have identified six types of web-based attacks that can target autonomous AI agents. These attacks exploit malicious web content to manipulate AI behavior, potentially leading to harmful consequences. The study emphasizes how AI agents, which increasingly navigate the internet autonomously, can be misled by deceptive information, resulting in unexpected actions. This research highlights the need for stronger security measures to protect AI systems from manipulation. As AI continues to be integrated into various applications, understanding these vulnerabilities is crucial for developers and organizations relying on AI technology.

Apr 6, 2026

MCP isn't a protocol problem. It's an identity crisis nobody is treating.

SCM feed for Latest

The article discusses the risks associated with MCP (Multi-Channel Protocol), emphasizing that the main issue isn't technical flaws but rather a lack of identity verification in AI systems. This absence of identifiable actions makes it difficult to trace back AI decisions, raising concerns about accountability and transparency. As AI systems become more integrated into various applications, the implications of untraceable actions could lead to significant security and ethical challenges. Users, developers, and organizations relying on AI need to address these identity issues to ensure responsible use and mitigate potential risks. Without proper identification mechanisms, the trustworthiness of AI systems could be severely compromised, affecting a wide range of industries.

Apr 6, 2026

5 email threats to watch as identity and AI attacks evolve

SCM feed for Latest

Recent research has identified several email-based threats that are evolving with the rise of AI and sophisticated attack methods. Key threats include OAuth consent attacks, where attackers exploit legitimate app permissions to gain unauthorized access to accounts. Lateral phishing is also on the rise, where compromised accounts are used to target other users within the same organization. Additionally, AI is being misused in payroll fraud schemes, tricking companies into making mistaken payments. These threats impact a wide range of organizations, as they rely heavily on email for communication and transactions. As these tactics become more common, businesses must remain vigilant and enhance their email security measures to protect against these evolving risks.

Apr 6, 2026

BKA unmasks two REvil Ransomware operators behind 130+ German attacks

Security Affairs

German authorities have identified two members of the REvil ransomware group, linking them to over 130 cyberattacks in the country. The suspects are Daniil Maksimovich Shchukin, a 31-year-old Russian national, and another unnamed individual. These attacks have targeted various sectors across Germany, causing significant disruptions and financial losses. The identification of these operators is a crucial step in combating ransomware, as it could lead to further investigations and arrests. This situation underscores the ongoing threat posed by ransomware groups and the importance of international cooperation in addressing cybercrime.

Apr 6, 2026