EXCLUSIVE: ZERO-DAY APOCALYPSE HITS NEXT.JS AS HACKERS LOOT CRYPTO KEYS AND CLOUD SECRETS IN MASSIVE SUPPLY-CHAIN ATTACK
A silent, devastating cyber siege is underway, targeting the very backbone of modern web development. Security researchers have uncovered a massive, ongoing credential harvesting campaign exploiting a critical vulnerability, CVE-2025-55182, to breach at least 766 Next.js hosting servers. This is not a simple data breach; it is a surgical strike on digital infrastructure designed to plunder the most sensitive assets a company owns.
The attack uses the so-called "React2Shell" vulnerability as its initial infection vector, turning a common development framework into a weapon. Once inside, the deployed malware harvests every credential it can find: database passwords, SSH private keys, Amazon Web Services secrets, Stripe API keys, and GitHub tokens are all being stolen at an industrial scale. This ransomware-grade theft gives attackers the keys to entire corporate kingdoms.
Cisco Talos intelligence has attributed this operation to a sophisticated, persistent threat cluster. "This is a masterclass in initial access," a senior cybersecurity analyst told us anonymously. "They aren't just breaking in; they're exploiting a zero-day vulnerability in a trusted tool to establish a beachhead, then moving laterally to steal everything that isn't bolted down. The focus on cloud and payment keys suggests financial or crypto-related motives, posing a severe blockchain security risk if wallet keys are exposed."
Every developer and company using this ecosystem is now on the front line. The stolen AWS and GitHub credentials can be used to hijack cloud resources, deploy ransomware, or poison software repositories in a supply-chain attack. A successful phishing campaign could now be the least of your worries.
We predict this campaign will escalate, with stolen API keys used to manipulate services or launch secondary attacks within weeks. The sheer volume of high-value keys stolen creates a ticking time bomb for the global tech sector.
Your development stack has become your greatest vulnerability. Patch immediately or prepare to be emptied.



