EMERGING 2026-04-05 08:51 UTC

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

Emerging | Vulnerability, Breach | via thehackernews

2 sources Quality: 1.00 Type: emerging

KEY FACTS

A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale. Cisco Talos

Overview

Vulnerability Details

CVE-2025-55182: Referenced in source reporting from thehackernews.

Organisations Involved

The following organisations are mentioned in relation to this incident: AWS, Amazon, Amazon Web Services, Cisco, Cisco Talos, GitHub.

Sources: thehackernews. Aggregated by Cybernews Agency pipeline.

SOURCES (2)

ENTITIES

CVE-2025-55182

DEBUG — Testing Information

AR-ID	388ccf4e-abf8-4ec4-ab2c-d439f098bc63
NEWS-ID	d8f55ab6-b75a-4ac6-8d6c-c47baed64fcb
Article type	emerging
Categories	none
Quality score	1.0000
Generation timestamp	2026-04-04 19:24 UTC
Publish timestamp	2026-04-05 08:51 UTC
Editor corrections	[{"by": "cn-editor", "note": "passed quality checks", "score": 1.0}]

RAW SOURCES (2):

RAW-ID: a2826128-38db-4898-883c-39091c71cbbc
URL: https://thehackernews.com/2026/04/hackers-exploit-cve-2025-55182-to.html
Title: Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

RAW-ID: 1e47f461-fd30-49a5-bd5c-2f64ca30b659
URL: https://www.bleepingcomputer.com/news/security/hackers-exploit-react2shell-in-automated-credential-theft-campaign/
Title: Hackers exploit React2Shell in automated credential theft campaign

ENTITIES:
CVE-2025-55182

EMBEDDING: 384-dim (present)