Threat Hunting on Pratik’s Localhosthttps://pratikdabhi.in/tags/threat-hunting/Recent content in Threat Hunting on Pratik’s LocalhostHugo -- gohugo.ioenpratik.dabhi.4u@gmail.com (Pratik)pratik.dabhi.4u@gmail.com (Pratik)Sun, 08 Feb 2026 12:00:00 +0000From RSC to XMRig: Anatomy of a 28-Day Next.js Compromisehttps://pratikdabhi.in/posts/rce-to-xmrig/Sun, 08 Feb 2026 12:00:00 +0000pratik.dabhi.4u@gmail.com (Pratik)https://pratikdabhi.in/posts/rce-to-xmrig/<div class="lead text-neutral-500 dark:text-neutral-400 !mb-9 text-xl"> <p>What started as &ldquo;why is CPU hot again?&rdquo; ended with a full kill-chain reconstruction: public Next.js RSC RCE exploit, in-memory shell, persistent <code>toolers.cjs</code> backdoor, then 28 days of Monero mining plus a dormant DDoS payload.</p>