Hackers are targeting developers by disguising malware as legitimate Next.js repositories. This sophisticated campaign leverages standard coding workflows to compromise systems and exfiltrate critical data. Here’s what you need to know—and how to stay safe.
Attackers are disguising malicious Next.js repositories as job assessments to target developers, exploiting routine workflows and automation to gain remote access. Microsoft’s investigation reveals a coordinated, multi-stage campaign that turns everyday coding into a cybersecurity risk.
Operation PCPcat struck fast, breaching over 59,000 Next.js and React servers in just 48 hours. The attack exploited critical RCE flaws to steal hundreds of thousands of credentials, exposing the urgent need for rapid defense.
Operation PCPcat exploited major Next.js and React flaws to breach over 59,000 servers, stealing up to 590,000 credentials. Our investigation reveals the campaign's technical details, persistence tactics, and critical defense recommendations.
A new malware campaign, PCPcat, has breached nearly 60,000 servers in under 48 hours by exploiting critical Next.js and React vulnerabilities. The operation, leveraging the React2Shell exploit chain, has stolen up to 590,000 credentials and highlights the urgent need for patching and vigilant monitoring.
A newly released exploit for React Server Components is putting millions of Next.js servers at risk. This feature investigates how the attack works, who is vulnerable, and what urgent steps defenders must take.
A critical flaw in React Server Components has left over two million Next.js-powered websites vulnerable to remote code execution. With active exploitation already underway, immediate patching is essential to prevent widespread compromise.
Critical vulnerabilities in React and Next.js open the door to devastating remote code execution attacks. With default configurations exposed and millions of web apps at risk, urgent patching is required to prevent mass exploitation.
A massive React2Shell vulnerability has exposed over two million Next.js-powered web services to active cyberattacks. Learn how the flaw works, who’s exploiting it, and what to do now.
A new Python scanner reveals hidden React and Next.js RSC vulnerabilities linked to CVE-2025-55182, alerting security teams to risks missed by traditional tools.