Bissa Scanner Exposed: AI-Assisted Mass Exploitation and Credential Harvesting

This report documents discovery of an exposed server used by a mature, AI-assisted exploitation platform (Bissa scanner) that mass-scanned and exploited Next.js React2Shell (CVE-2025-55182), confirmed 900+ successful compromises, and exfiltrated tens of thousands of .env files and credentials (spanning AI providers, cloud, payments, databases, and messaging) to S3-compatible storage; operator tooling and Telegram bots (@bissapwned_bot, @bissa_scan_bot) show an organized pipeline for triage, validation, and prioritization of high-value victims in finance, crypto, and payroll sectors, and the report includes defensive recommendations and coordinated disclosures.