Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps. [...]
Hackers exploit React2Shell in automated credential theft campaign
Summary + source link. No paywalls, no tracking.