Vulnerabilities
Apr 6, 2026
Automated Credential Harvesting Campaign Exploits React2Shell Flaw
UAT-10608 exploits React2Shell flaw in Next.js apps for automated credential theft.
Summary
A threat cluster designated UAT-10608 is actively exploiting a vulnerability in Next.js applications exposed to the web, leveraging the React2Shell flaw to deploy automated credential harvesting tools. The campaign systematically exfiltrates credentials, secrets, and sensitive system data from compromised instances.
Indicators of Compromise
- malware — React2Shell
Entities
- UAT-10608 (threat_actor)
- Next.js (product)
- React2Shell (technology)