Next.js

Hackers Built a SaaS-Style Dashboard to Loot Next.js Apps at Scale

John Z Black Apr 3, 2026

Threat Intelligence #Next.js #React #CVE-2025-55182 #credential-theft #supply-chain #cloud-security

UAT-10608 built an automated framework that exploits a CVSS 10.0 React flaw to compromise Next.js apps, harvest credentials, and display the loot in a searchable dashboard.