A significant security lapse has granted researchers access to a threat group's dashboard, revealing the group's exploitation of the four-month-old React2Shell vulnerability to steal sensitive data on a large scale. Cisco Systems' Talos threat intelligence team discovered that the threat group, known as UAT-10608, was collecting login credentials, keys, and tokens from unpatched servers and storing them in a password-protected database behind a web application. However, a temporary exposure of the web application allowed the researchers to view the harvested data [1]. UAT-10608 has exploited the React2Shell vulnerability to gain unauthorized access to servers, highlighting the importance of prompt patching and security updates. This incident matters to security practitioners because it underscores the need for vigilance in protecting against known vulnerabilities, as threat groups continue to exploit them to steal sensitive information.
Security lapse lets researchers view React2Shell hackers’ dashboard
Why This Matters
Researchers from Cisco Systems’ Talos threat intelligence team who made the discovery said Thursday that the data harvested by an unattributed group they call UAT-10608 went to a.
References
- CSO Online. (2026, April 3). Security lapse lets researchers view React2Shell hackers’ dashboard. CSO Online. https://www.csoonline.com/article/4154188/security-lapse-lets-researchers-see-react2shell-hackers-dashboard.html