my photo

John Z Black

Brunswick, ME • (207) 245-1010 • contact@johnzblack.com

Blog / #React

Hackers Built a SaaS-Style Dashboard to Loot Next.js Apps at Scale

John Z Black Apr 3, 2026

Threat Intelligence #Next.js #React #CVE-2025-55182 #credential-theft #supply-chain #cloud-security

UAT-10608 built an automated framework that exploits a CVSS 10.0 React flaw to compromise Next.js apps, harvest credentials, and display the loot in a searchable dashboard.

Read More