theAIcatchup

React2Shell Hits: Spies, Miners, and Chaos Exploit React's Gaping Flaw

React was supposed to be the web's shiny armor. Now? React2Shell (CVE-2025-55182) lets hackers run wild with one HTTP poke. Spies and scammers are feasting.

4 min read 4 weeks ago

Diagram of UAT-10608 automated attack chain exploiting React2Shell in Next.js application

UAT-10608's Automated Credential Grab: Next.js Apps Bleeding Secrets via React2Shell

Credentials pouring out. An automated campaign's hitting vulnerable Next.js setups, siphoning secrets faster than you can say 'patch management.' UAT-10608 doesn't mess around.

4 min read 4 weeks, 1 day ago

Diagram of React2Shell exploit chain from HTTP request to credential exfiltration via Nexus Listener

React2Shell: How a React Bug Turned 766 Servers into Credential Vaults

One HTTP request. That's all it took for hackers to burrow into 766 Next.js servers, siphoning credentials like SSH keys and AWS tokens. Cisco Talos just pulled back the curtain on this automated nightmare.

5 min read 1 month ago

#react2shell

React2Shell Hits: Spies, Miners, and Chaos Exploit React's Gaping Flaw

UAT-10608's Automated Credential Grab: Next.js Apps Bleeding Secrets via React2Shell

React2Shell: How a React Bug Turned 766 Servers into Credential Vaults