In a groundbreaking heist, digital miscreants have turned 766 Next.js hosts into their own little gold mine, all without leaving their ergonomic office chairs. Their weapon of choice? CVE-2025-55182, a vulnerability so cutting-edge it practically screams, ‘Hack me, please!’

Our hackers, who clearly majored in both patience and opportunism, exploited the React2Shell vulnerability to conduct what experts are calling ‘Harvest Fest 2025.’ This isn’t just your grandmother’s phishing scam! We’re talking about a sophisticated digital raid that left databases, AWS secrets, and even shell command histories stripped bare like a digital Black Friday sale.

Cisco Talos, our ever-vigilant digital sentry, attributes this operation to their favorite local cyber menace, a threat cluster that typically makes regular pop-up appearances. We can’t disclose their name, but let’s just say this isn’t their first gig pilfering API keys and washing them down with GitHub tokens.