The Next.js vulnerability is worse than you think

Description

I deployed a Next.js application with a critical 10/10 vulnerability (CVE-2024-46982) and waited for the hackers to arrive. Within hours, they had full Remote Code Execution (RCE). They tried to install crypto miners, steal my AWS keys, and open reverse shells. But they failed because of a simple "Minimalist" deployment strategy. In this video, I'll analyze the live server logs to see exactly how the attack works, what they tried to steal, and how you can protect your infrastructure by doing less, not more. Timestamps: 00:00 - The hack 00:48 - First attack 01:22 - Second attack 02:14 - Third attack 02:50 - Fourth attack 04:15 - How I prevented it