UAT-10608: Inside a large-scale automated credential harvesting operation targeting web applications

A highly automated threat campaign dubbed UAT-10608 is exploiting a Next.js vulnerability to compromise hundreds of web applications worldwide, harvesting and aggregating a vast array of sensitive credentials—including SSH keys, cloud tokens, and payment secrets—via a sophisticated exfiltration framework with a web-based control panel.