An apparent security lapse has allowed researchers to peer into the work of a threat group currently exploiting unpatched servers open to the four-month-old React2Shell vulnerability to steal login credentials, keys, and tokens at scale. Researchers from Cisco Systems’ Talos threat intelligence team who made the discovery said Thursday that the data harvested by an unattributed group they call UAT-10608 went to a password protected database behind a web application. However, that application was at one point exposed, allowing the researchers to see data that had been harvested from compromised systems. Credentials, as well as Auth tokens and more, that have been stolen so far come from insta...