Cisco Talos researchers have uncovered an operation by the hacker group UAT-10608 that has already affected more than 700 servers. The attackers are using a serious security hole called React2Shell to get in and steal highly sensitive information.

They specifically target Next.js apps that are vulnerable to this flaw. Companies need to quickly update their web apps to fix the React2Shell flaw. Almost 90% of hosts had their database passwords stolen. More than 80% lost their private SSH keys, which are needed to access servers securely.

Hackers also got access tokens for GitHub, live Stripe payment keys, and AWS cloud credentials. The consequences are severe. With stolen database passwords, an attacker can access private user information and financial records without permission.

Hackers can move freely between servers on a company's network if they have access to SSH keys. Companies that might be affected by the incident need to quickly change their passwords, API keys, and security tokens. Cybersecurity experts say that access to cloud metadata services should be limited and that servers should be watched closely for any strange behavior.
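As an added example (not from Cisco Talos or the original article), the following Python audit shows one way to check the advice about limiting cloud metadata access on AWS. It assumes the input is JSON shaped like the output of `aws ec2 describe-instances`; the instance IDs and the `audit_imds` helper are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instances` output (not real data).
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-00000000000000001",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                       "HttpPutResponseHopLimit": 2}},
  {"InstanceId": "i-00000000000000002",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                       "HttpPutResponseHopLimit": 1}},
  {"InstanceId": "i-00000000000000003",
   "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional",
                       "HttpPutResponseHopLimit": 1}},
  {"InstanceId": "i-00000000000000004"}
]}]}
""")


def audit_imds(describe_output, max_hops=1):
    """Return {instance_id: [findings]} for loosely configured metadata services."""
    findings = {}
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            iid = inst.get("InstanceId", "<unknown>")
            opts = inst.get("MetadataOptions")
            if opts is None:
                # Fail closed: unknown settings are reported, not assumed safe.
                findings[iid] = ["MetadataOptions missing; cannot confirm IMDS settings"]
                continue
            if opts.get("HttpEndpoint") == "disabled":
                continue  # metadata endpoint is off, nothing to restrict
            issues = []
            if opts.get("HttpTokens") != "required":
                issues.append("IMDSv1 allowed (HttpTokens is not 'required')")
            hops = opts.get("HttpPutResponseHopLimit", 1)
            if hops > max_hops:
                # A hop limit above 1 lets containers on the host reach the service.
                issues.append(f"hop limit {hops} exceeds {max_hops}")
            if issues:
                findings[iid] = issues
    return findings


if __name__ == "__main__":
    for iid, issues in audit_imds(SAMPLE).items():
        print(iid, "->", "; ".join(issues))
```

Requiring IMDSv2 does not stop code already running on the instance from requesting a token, so pair this check with a narrowly scoped instance role, or disable the endpoint where the application needs no AWS access.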
