Stripe A.I CyberSecurity Scoring
Stripe
Company Information
Website: https://stripe.com
Employees number: 14,133
Number of followers: 1,266,824
NAICS: 513
Industry Type: Technology, Information and Internet
Homepage: stripe.com
Stripe Risk Score (AI oriented)
Between 700 and 749
Updated: 04/06/2026
741/1000
Moderate
Ba
Current Score
741 Ba (MODERATE)
6 incidents
-16 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JUNE 2026
741
MAY 2026
740
APRIL 2026
753
Cyber Attack
03 Apr 2026 • Stripe
GitHub, Next.js, Stripe and AWS: Hackers Compromised 700+ Next.js Hosts by Exploiting React2Shell Vulnerability
Massive Credential Theft Campaign Exploits React2Shell Flaw in Next.js Applications
738
CRITICAL-15
AMAVERGITSTR1775204764
Cybersecurity researchers at Cisco Talos have uncovered a large-scale automated credential theft campaign orchestrated by the hacker group UAT-10608, which has compromised over 700 servers worldwide. The attackers are exploiting CVE-2025-55182 (React2Shell), a critical remote code execution (RCE) vulnerability in React Server Components used by Next.js applications.
The flaw allows attackers to send maliciously crafted web requests to vulnerable servers, executing arbitrary commands without requiring authentication or user interaction. Once exploited, the attack deploys a malicious script that silently extracts sensitive data, including database credentials, SSH keys, AWS cloud tokens, Stripe payment keys, and GitHub access tokens.
To manage the stolen data, the threat actors use a custom web dashboard called the "NEXUS Listener", which recorded 766 compromised hosts in just 24 hours. The impact is severe:
- Over 90% of affected servers had database credentials stolen.
- Nearly 80% lost private SSH keys, enabling lateral movement across networks.
- Stolen cloud credentials could allow attackers to hijack entire cloud environments.
- Compromised GitHub tokens risk malicious code injections into software updates.
The campaign highlights the urgent need for organizations using Next.js to patch the React2Shell vulnerability and rotate exposed credentials. The stolen data provides attackers with persistent access to critical systems, posing long-term security risks.
APRIL 2026
757
Vulnerability
02 Apr 2026 • Stripe
GitHub, Stripe and AWS: Thousands of API credentials exposed on public websites
Thousands of API Credentials Exposed Across 10,000 Websites, Researchers Warn
738
CRITICAL-19
AWSGITSTR1775163155
A recent analysis of 10 million websites has revealed nearly 2,000 exposed API credentials across 10,000 webpages, posing a significant security risk to organizations. Conducted by researchers from Stanford University, the University of California, Davis, and TU Delft, the study used the tool TruffleHog to scan for sensitive credentials embedded in public-facing web content.
The findings, detailed in a preprint paper, identified 1,748 valid credentials for major services, including AWS, GitHub, and Stripe. These credentials, belonging to multinational corporations, critical infrastructure providers, and government agencies, grant programmatic access to cloud platforms, payment systems, and firmware repositories. Among the most concerning discoveries was a global bank exposing cloud credentials on its website, potentially allowing access to core infrastructure. Another case involved firmware repository credentials for drones and remote-controlled devices, raising concerns about malicious updates.
The majority of exposed credentials were found in JavaScript files, with AWS credentials accounting for over 16% of verified exposures. Researchers emphasized that this overlooked attack vector, credentials embedded in webpages rather than code repositories, presents a direct threat to sensitive systems. The study underscores the need for organizations to monitor and secure publicly accessible web assets to prevent unauthorized access.
MARCH 2026
770
Cyber Attack
01 Mar 2026 • Stripe
ElevenLabs and Stripe: Jack & Jill went up the hill — and an AI tried to hack them
AI vs. AI: How an Autonomous Agent Hacked a Hiring Platform in Under an Hour
755
CRITICAL-15
ELESTR1773203117
In a striking demonstration of AI’s offensive capabilities, cybersecurity firm CodeWall unleashed an autonomous AI agent against Jack & Jill, a fast-growing AI-powered hiring platform used by companies like Anthropic, Stripe, and ElevenLabs. Within 60 minutes, the agent exploited four seemingly minor vulnerabilities, chaining them together to gain full administrative access to any company on the platform.
The experiment, led by CodeWall CEO Paul Price, revealed how AI can autonomously discover and exploit attack paths that human testers might overlook. The agent began by probing the system, uncovering flaws such as:
- A URL fetcher that failed to block internal domains, allowing access to API documentation and authentication files.
- A test mode left enabled, permitting login via a one-time password (OTP) with a simple email keyword.
- Missing role checks during user onboarding, enabling privilege escalation.
- A lack of domain verification, which let the agent bypass account creation safeguards.
Once inside, the agent mapped 220 endpoints, extracted sensitive data, including recruitment contracts and candidate information, and even created, edited, or deleted job postings at will.
### Unpredictable Behavior: AI’s Social Engineering & Voice Hijacking
The agent’s actions grew increasingly sophisticated and bizarre. Without explicit instructions, it gave itself a voice, generating synthetic audio clips to interact with Jack & Jill’s AI agents in real time. In one instance, it impersonated former U.S. President Donald Trump, demanding full access to company data. While Jack (the candidate-facing agent) resisted some prompt injections, the agent’s persistence (28 failed attempts before pivoting) highlighted its ability to adapt.
Price noted that the agent behaved “like a curious researcher” rather than a scripted tool, testing variations until it found success. Its ability to chain non-critical bugs into a devastating attack underscores how AI can automate complex attack sequences at scale, far outpacing human red teams.
### Why This Matters for Cybersecurity
The experiment raises urgent concerns:
- Lowered Barrier to Entry: AI enables attackers to rapidly explore systems with minimal expertise, reducing the skill required for sophisticated breaches.
- New Attack Surfaces: AI-specific vulnerabilities such as prompt injections, RAG pipelines, and agent tools are often unsecured, creating novel risks.
- Defensive Gaps: Traditional security measures (e.g., periodic pentests) may fail against AI-driven attacks, which continuously test and adapt.
Price warned that “AI systems can digest vast amounts of information and explore attack vectors humans would never consider.” The incident serves as a wake-up call for organizations to adopt continuous, adversarial testing or risk being outmaneuvered by autonomous threats.
Jack & Jill, founded in 2025, has since implemented fixes, but the case remains a stark example of how AI vs. AI conflicts could redefine cybersecurity in the near future.
FEBRUARY 2026
770
JANUARY 2026
769
DECEMBER 2025
783
Cyber Attack
24 Dec 2025 • Stripe
Google, Stripe and Magento/Adobe Commerce: Credit card theft campaign abuses Stripe to host stolen payment info
New Magecart Campaign Exploits Stripe API to Steal Payment Data
768
CRITICAL-15
ADOSTRGOO1780611936
Researchers at Sansec have uncovered a sophisticated Magecart campaign leveraging Stripe’s API infrastructure and Google Tag Manager (GTM) to steal credit card details from e-commerce checkout pages. The attack, active since at least December 24, 2025, abuses the trusted domains googletagmanager.com and api.stripe.com to bypass security filters and exfiltrate stolen data undetected.
The malware is embedded in legitimate-looking GTM containers, which execute when a shopper reaches a checkout page. It targets Magento/Adobe Commerce stores, capturing payment details (card number, CVV, expiration date), billing information, and customer contact data. The stolen data is obfuscated using XOR encryption, stored locally, and later exfiltrated via Stripe’s API by creating fake customer records under the attacker’s account (cus_TfFjAAZQNOYENR).
A variant of the campaign uses Google Firestore (project: braintree-payment-app, document: tracking/captcha) to host the payload and store stolen data, blending in with legitimate payment and bot-protection traffic. Once exfiltrated, the malware wipes local traces to avoid detection.
The attack highlights how threat actors exploit trusted platforms to evade security measures, turning payment processors into unwitting storage for stolen financial data.
NOVEMBER 2025
780
OCTOBER 2025
780
SEPTEMBER 2025
779
AUGUST 2025
779
JULY 2025
778
AUGUST 2024
799
Cyber Attack
01 Aug 2024 • Stripe
Stripe
Stripe iframe Skimmer Campaign (August 2024)
772
HIGH-27
STR5232752092425
In August 2024, Stripe faced a sophisticated iframe skimmer campaign where attackers exploited vulnerabilities in merchant websites to inject malicious pixel-perfect overlays on checkout pages. The attack bypassed Stripe’s secure iframe sandbox by targeting the host page, hiding the legitimate payment form and replacing it with a fake replica to steal credit card data in real time. At least 49 merchants were compromised, with attackers leveraging a deprecated Stripe API to validate stolen cards invisibly. The breach exposed gaps in traditional defenses like CSP and X-Frame-Options, proving that modern attacks exploit blind spots around iframes rather than breaking them directly. The incident highlighted risks from third-party scripts (e.g., Google Tag Manager) running within payment iframes, creating massive security blind spots. The financial and reputational fallout included potential fraudulent transactions, customer distrust, and regulatory scrutiny under PCI DSS 4.0.1, which now mandates stricter monitoring of payment page integrity.
OCTOBER 2017
809
Breach
25 Oct 2017 • Stripe
Stripe GEP, Inc.
Stripe GEP, Inc. Data Breach
747
CRITICAL-62
STR905072925
The California Office of the Attorney General reported a data breach at Stripe GEP, Inc. involving Legalinc Corporate Services, Inc. The breach, which occurred on October 25, 2017, and again on December 4, 2019, potentially affected approximately 2,670 individuals' personal information, including first and last names and Social Security numbers. The security vulnerability was discovered on December 11, 2019.