Forem: Manav Verma

🚨 Critical Next.js Vulnerability: Server Hijacked by Crypto Miner

Manav Verma — Mon, 08 Dec 2025 03:44:29 +0000

🚨 Critical Next.js Vulnerability: Server Hijacked by Crypto Miner

If you are running Next.js (especially App Router), stop what you are doing and check your servers. I just spent the last 24 hours fighting a nightmare scenario where 2-3 of my production apps were suddenly compromised.

Here is exactly what happened, how I found it, and how you can fix it.

The Symptoms: "Suddenly, Silence"

Everything was running smoothly until my server monitoring screamed.

CPU Spikes: Usage hit 100% and stayed there.
Server Shutdown: The load was so high the VM eventually crashed.
Filesystem Changes: I noticed immediate changes in my git staging area—files I didn't touch were modified.

The Analysis: What the Hacker Did

The attacker used a Remote Code Execution (RCE) vulnerability to gain entry and immediately set up shop to mine Monero (XMR).

1. Code Level Compromise

They didn't just run a script; they embedded themselves into my source code to ensure persistence.

Modified Configs: Malicious lines were injected into next.config.js, tailwind.config.js, and postcss.config.js.
Manifest Injection: A custom manifest file was added.
Git Staged Changes: I caught them red-handed via git status—yarn.lock and package.json were modified to pull malicious dependencies.

2. Machine Level Compromise

This was the scary part. They escalated out of the Node.js process:

System Services: They created systemd services with random hexadecimal names (e.g., a1b2c3d4.service) to restart the miner if I killed it.
Shell Poisoning: They added lines to my .bashrc and .profile so the miner would start whenever I logged in.

3. The Payload (`xmrig`)

They installed xmrig, a high-performance Monero miner. I found a config.json file dropped in the miner's directory configured to use max-threads-hint: 100 and huge-pages, which explains why the server was choking.

How I Cleaned It Up (Remediation Guide)

If you are infected, you need to act fast. Here is the cleanup process I used.

1. Stop the Bleeding
Immediately kill the miner processes. Note: The process might be named xmrig, but attackers often rename it to look like a system process.

# Force kill all processes matching "xmrig"
sudo pkill -9 -f xmrig

Tip: Check top or htop for any other processes taking 80-90% CPU and kill them.

2. Remove Persistence (Systemd Services)
The attackers hid services with random hex names.

# List all running services and look for random hex strings
systemctl list-units --type=service --state=running

# Stop and disable suspicious services
sudo systemctl stop [service_name]
sudo systemctl disable [service_name]
sudo rm /etc/systemd/system/[service_name]
sudo systemctl daemon-reload

3. Clean System Shells
Check your shell profiles (~/.bashrc, ~/.profile). Remove any lines that look like curl commands fetching scripts or exports you didn't add.

🏠 VITAL: Check for HOME Directory Hijacking

A sophisticated attacker may hijack your environment variables to break tools like NVM/Conda or redirect configuration files to a temporary directory (/tmp), where they can hide or run malware.

To see if this has happened to your $HOME variable, run these commands:

Check the currently set variable:
```
echo $HOME
```
If this outputs /tmp or any path other than /home/yourusername, your environment is poisoned.
Find the malicious override:
You need to search the system-wide configuration files (where the attacker placed the reset command) for the incorrect path. Replace /tmp with the incorrect path found in step 1 if necessary:
```
sudo grep -R 'HOME=/tmp' /etc
```
The output will point you to the exact file (e.g., /etc/profile.d/env.sh). Edit that file (using sudo) and remove the line to restore your system's default behavior.

4. Clean the Codebase & Verify Configs
Resetting git is a good start, but you must manually verify the content of your config files.

# Reset local changes
git reset --hard HEAD
git clean -fd

⚠️ Vital Step: Open your next.config.js, tailwind.config.js, and system files. Read them line-by-line. Attackers are getting better at obfuscating code.

Pro Tip: If you see a block of code in your config that looks suspicious or complex, copy and paste it into an AI tool (like ChatGPT or Gemini) and ask: "Is this code malicious? What does it do?" Don't take chances.

5. Rotate Secrets
Since they had RCE, assume they stole your .env file. Revoke and generate new database credentials and API keys immediately.

Final Step: Patch Immediately!

Cleaning the miner doesn't close the door. You must upgrade Next.js to the latest patched version to prevent them from walking right back in.

Please refer to the official Next.js security blog for the exact version numbers you need to target:
👉 Next.js Security Advisory: CVE-2025-66478

Update your dependencies accordingly:

npm install next@latest react@latest react-dom@latest
# or
yarn add next@latest react@latest react-dom@latest

Deep Dive Analysis

For a detailed technical breakdown of how this "React2Shell" vulnerability works and how the attackers exploit it, read this report:
👉 Wiz.io: Critical Vulnerability in React (CVE-2025-55182)

Stay safe and check your logs!

NOTE: FOR SAFETY I PREFER RESET ALL OF YOUR CREDENTIALS AND MIGRATE TO NEW INSTANCE OR SERVER

Let me know in the comments what you think about this solution and how you are handling these security challenges in your own projects.

Exploring the Foundational Hashing Concept in C++ and Beyond

Manav Verma — Tue, 13 Feb 2024 06:47:40 +0000

Hashmaps

In C++, hashmaps plays a crucial role in efficient data storage and retrieval. To understand how hashmaps work, let's delve into the concepts of hashing and Hash Tables.

Hashing

First, let's start with the concept of hashing, it is a process of converting data (text, numbers, files, or anything) into a fixed-length string of letters and numbers known as a Hash Code. This transformation is achieved through a specialized algorithm called a Hash Function.
Hashing Techniques in PPT format

How hashing works?

Input data is the key

The input data to be hashed is also referred to as the key. Keys can be in various formats, such as a string of text, a list of numbers, an image, or even an application file.

The hash function

The core component of any hashing process is the hash function. This function takes the key and converts it into a fixed-length string of characters.

Where hashing works?

In large database structures, searching through all index values across different levels to reach the desired data block can be time-consuming. Hashing addresses this issue by allowing faster searches using shorter hashed keys instead of the original values.
Hashing is employed to index and retrieve items in a database, providing a quicker way to search for specific items using their hashed keys.
It proves to be an efficient method for determining the direct location of a data record on a disk without relying on complex index structures.
Hashing is also beneficial for implementing dictionaries.

Hash Tables

Hash tables are like organized boxes where we can quickly put things and find them later. They are handy for storing and finding information quickly. Imagine a bunch of labeled boxes (buckets) where we keep our stuff (data elements). We use a special method called hashing to decide which box to put each thing in based on its characteristics. This helps us easily locate and retrieve our items when needed.

Structure of Hash Tables

Array: The backbone of a hash table is an array where data elements are stored. Each element in the array is often referred to as a bucket or slot.
Hash Function: Hash tables use a hash function to compute an index or hash code for each data element. This index determines the position where the element will be stored in the array.
Collision Handling: Since multiple data elements may hash to the same index, collisions can occur. Hash tables employ various collision resolution techniques to handle this issue, such as chaining or open addressing.
Key-Value Pairs: Data elements stored in a hash table are typically in key-value pairs. The key is used to compute the hash code, and the value is the associated data.

Complexity Analysis

The complexity of a hash table depends on the hash function picked. The more collisions it generates, the more the complexity tends toward Θ(n). Hash tables have a Θ(1) complexity in best and average-case scenarios but fall to Θ(n) in their worst-case scenario.

Hashing Concept in C++

We can say that Hashing is pre-storing and then fetch when needed. let's check some hashing methods:

Number Hashing

Consider an array:

Given Number lies in the range <=0 and >=8
arr[] = {2, 3, 3, 1, 2, 3, 4, 6, 7, 1}

First, we have to do prefetching for that we will make a has array as shown in the diagram

hash[9] = {0}
new hash array initialized with 0
Now We have to prefetch the values in the has array
according to the number of times, the value appears like this:

The provided information is clear and provides insights into the occurrences of values in the given array. However, I suggest a slight modification for improved clarity and organization:

From the diagram above, we can easily extract several details about the given array:

1 appears 2 times
2 appears 2 times
3 appears 3 times
4 appears 1 time
6 appears 1 time
7 appears 1 time For all other values, the occurrences are 0 times. This can be expressed as hash[1] = 2, hash[2] = 2, hash[3] = 3, hash[4] = 0, and so on.

Additionally, it's noteworthy to consider the maximum array size in C++ under different scenarios:

Case 1: (Declared Inside Main Function)
The maximum size for an array declared inside the main function is:

arr[10^6] (for an integer array)
arr[10^7] (for a boolean array) Case 2: (Declared Globally)
If declared globally, the maximum size can extend up to arr[10^7]. In this case, every element in the array is initialized to 0 by default if not explicitly assigned.

Try to solve this problem with this approach and you can see how easily hashing solves our problem: Count Frequency

Character Hashing

In character hashing, a process similar to number hashing, characters are mapped into an array.
The approach to achieving this in programming involves utilizing ASCII values.

ASCII aka American Standard Code for Information Interchange

Consider an example:
int x = 'a'; //Automatically typecast 'a' to 97 which is ASCII code
i.e. similar to int x = 97;
therefore, 'b' is 98, 'c' is 99, ..., y is 121 and z is 122

Let's get back to how can we hash it,
A quick question for you, if you what is the value of x here
x = 'a' - 'a'
Yes! you guessed it right, x = 0 here
if we do x = 'b' - 'a', then x = 1
.... x = 'z' - 'a' gives 25 i.e. x = 25
here we get our range i.e. 0 to 25 (and there are 26 letters in English alphabets)
Consider an example
s = "abcdbeadf"

Similar to number hashing, we have to do prefetching for that we will make a has array
as shown in diagram:

hash[26] = {0}
new hash array initialized with 0
Now We have to prefetch the values in the has array
according to the number of times the value appears like this:

This exploration of hashmaps and hash tables is just the tip of the iceberg. There's a vast sea of knowledge and applications waiting to be uncovered. Keep diving deeper, learning more, and discovering the multitude of possibilities that these powerful data structures bring to your programming toolkit. Happy coding! 🚀📚

C++ Arrays: A Guide to Understanding, Storing, and Expanding with Vectors

Manav Verma — Sun, 11 Feb 2024 06:38:12 +0000

In C++, arrays provide a fundamental data structure for organizing and managing collections of values of the same type. This blog post delves into arrays, explores their capabilities, and guides you through effective usage patterns.

Understanding Arrays:

Concept: Arrays store multiple elements of the same data type in consecutive memory locations. Each element, identified by its index (starting from 0), can be directly accessed and manipulated.
Declaration: Declare an array using its data type, name, and size enclosed in square brackets:

data_type array_name[size];

-Initialization: Arrays can be initialized during declaration using curly braces ({}) to provide initial values, or assigned values later.

Storing Roll Numbers Effectively:

While directly creating individual variables is viable for a few students, arrays become essential for efficient storage and management of larger groups.

Key Points:

This snippet dynamically calculates the number of students using the sizeof operator.
Arrays simplify data organization and retrieval, promoting code readability and maintainability.

Addressing Array Limitations:

Arrays do have limitations:

Fixed Size: Predefined size can become inflexible if the number of elements changes.
Memory Management: Manual allocation and deallocation can be error-prone, requiring careful attention.

Introducing Vectors: A Dynamic Array Alternative

C++'s Standard Template Library (STL) provides std::vector, a dynamic array that overcomes these limitations:

Using std::vector:

Dynamic Growth: Add or remove elements at runtime using push_back() and pop_back().
Automatic Memory Management: No manual allocation/deallocation needed, reducing error risks.
Iterators: Simplified access and manipulation of elements using iterators.

Conclusion:

Choose arrays when the size is known at compile time and memory management is straightforward. Opt for std::vector for scenarios with dynamic data requirements and flexibility concerns. By understanding their strengths and weaknesses, you can make informed decisions and leverage these data structures effectively in your C++ programs.

Practice Questions:

Demystifying Memory in Rust: Ownership, Borrowing, and the Memory Landscape:

Manav Verma — Wed, 10 Jan 2024 09:24:25 +0000

Memory management is very important for any program, but in Rust, it takes center stage. Unlike languages with automatic garbage collection, Rust grants you deep control over where and how data resides - a superpower fueled by the innovative concepts of ownership and borrowing.

Have a look at some of the memory management techniques used by other programming languages.

Before understanding the concept of ownership and borrowing, we need to know about stack and heap:

Stack:

The stack is a region of memory that grows and shrinks automatically as functions push and pop frames on it. It's used for static memory allocation, which includes local primitive variables and function pointers. The stack is managed by the CPU, which makes it faster to allocate and deallocate memory compared to the heap. However, the size of the stack is limited and determined at the start of each thread. It's important to note that you can't control the lifespan of memory on the stack; when a function exits, all of its stack memory is reclaimed.

Heap:

The heap is a memory region for dynamic allocation, managed manually. It allows variables to have a global, flexible lifespan. Memory can be allocated at runtime, used until freed by the programmer or program's end. Manual management can lead to errors like memory leaks or dangling pointers. When data is added to the heap, the allocator finds a sufficient empty area, marks it as used, and returns a pointer to the location. This pointer can be stored in the stack for future reference. To retrieve data, follow the pointer to the heap location.

In this article, we're focusing on the String datatype in Rust, which is more complex than primitive datatypes such as i32 or f32. Unlike these fixed-size datatypes, a String's size isn't known at compile time, which means it can't be stored on the stack. Consequently, it isn't automatically cleaned up when its owning variable goes out of scope. Therefore, it's crucial to understand how Rust handles the cleanup process for Dynamically allocated variables.

Now let's start with Ownership

Ownership:

In Rust, Every piece of data in Rust has a clear owner responsible for its memory allocation and release. When the owner goes out of scope, the data and its memory are automatically reclaimed, preventing leaks and dangling pointers. Imagine each piece of data having a single, responsible caretaker.
This eliminates manual memory management, as the ownership system handles memory deallocation automatically.

fn main(){
    let s = String::from("hello"); // s is the owner of the string "hello"
    let t = s; // ownership of the value of s is not transferred to t
    println!("{}", s); //gives an error because ownership of is transferred so s does not have any value
    println!("{}", t); // shows hello
}

In Rust, if we want to have multiple borrowers of a single value we have borrowers i.e. borrowing with rules

Lifetimes: Lifetimes define how long references are valid. They ensure that borrowed references don't outlive the data they point to, preventing the dreaded "dangling references".

fn main(){
    loop {
        let x = 5; // x is only valid in this scope
    }
    println!("{}",x); // Unreachable Code
}

References:

In Rust, references allow you to access the data of a variable without taking ownership. Here are some key points:

Immutable References:

By default, references are immutable. This means you can read from a reference, but you can't modify the data it points to.

let s = String::from("hello");
let r = &s; // r is an immutable reference to s

Mutable References:

If you need to modify the data reference points to, you can create a mutable reference using &mut. However, you can only have one mutable reference to a particular piece of data in a particular scope.

fn main(){
    let mut s = String::from("hello");
    let r = &mut s; // r is a mutable reference to s
    *r = String::from("world"); // This changes the value of s
}

Dangling References:

Rust ensures references are always valid. You can't create a dangling reference (a reference to data that no longer exists).

Borrowing:

You can have unlimited borrows of a value as long as they're all immutable. Once something is borrowed as mutable, it can only be borrowed as mutable once and the original owner can't be used until the mutable reference goes out of scope. Borrowing rules ensure safe, conflict-free access, preventing data races and other concurrency nightmares.

fn main(){
    let s = String::from("hello");
    let t = &s; // t borrows s
    println!("{}", s); // This is fine because t is an immutable borrow
}

In conclusion, Rust's memory management model, with its concepts of ownership, borrowing, and lifetimes, is a powerful tool that provides both safety and efficiency. However, this is just the tip of the iceberg. There's much more to explore and understand about Rust's memory model and its implications for concurrent and systems programming. As you delve deeper into Rust, you'll discover how these concepts interplay to provide a unique blend of performance, safety, and zero-cost abstractions. Keep exploring, keep learning, and enjoy the journey into the fascinating world of Rust.

Forem: Manav Verma

🚨 Critical Next.js Vulnerability: Server Hijacked by Crypto Miner

The Symptoms: "Suddenly, Silence"

The Analysis: What the Hacker Did

1. Code Level Compromise

2. Machine Level Compromise

3. The Payload (xmrig)

How I Cleaned It Up (Remediation Guide)

🏠 VITAL: Check for HOME Directory Hijacking

Final Step: Patch Immediately!

Deep Dive Analysis

Exploring the Foundational Hashing Concept in C++ and Beyond

Hashmaps

Hashing

How hashing works?

Input data is the key

The hash function

Where hashing works?

Hash Tables

Structure of Hash Tables

Complexity Analysis

Hashing Concept in C++

Number Hashing

Character Hashing

C++ Arrays: A Guide to Understanding, Storing, and Expanding with Vectors

Understanding Arrays:

Storing Roll Numbers Effectively:

Key Points:

Addressing Array Limitations:

Introducing Vectors: A Dynamic Array Alternative

Conclusion:

Practice Questions:

Demystifying Memory in Rust: Ownership, Borrowing, and the Memory Landscape:

Stack:

Heap:

Ownership:

References:

Immutable References:

Mutable References:

Dangling References:

Borrowing:

3. The Payload (`xmrig`)