Feed›Malware›New PCPJack worm steals credentials, cleans TeamPCP infectio...

MalwareBleeping Computer

10.0 — CRITICAL

New PCPJack worm steals credentials, cleans TeamPCP infections

📅 7 May 2026 at 18:35 UTC📰 Bleeping ComputerView original source ↗

A new malware framework called PCPJack is stealing credentials from exposed cloud infrastructure while actively removing TeamPCP's access to the systems. [...]

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

PCPJack is a new malware framework designed for large-scale credential theft, likely monetizing its activity via financial fraud, spam operations, credential resale, or extortion. The threat actor targets cloud infrastructure and developer systems, exploiting known vulnerabilities in services like Docker, Kubernetes, Redis, MongoDB, and vulnerable web applications.

⚙️Technical Details

CVEs

CVE-2025-29927CVE-2025-55182CVE-2026-1357CVE-2025-9501CVE-2025-48703

Affected Systems

DockerKubernetesRedisMongoDBRayMLvulnerable web applications

Attack Vectors

NETWORKNETWORKNETWORKNETWORKNETWORK

💥Impact Assessment

Severity: CRITICAL

Who Is at Risk

Developers and organizations with exposed cloud infrastructure, particularly those using Docker, Kubernetes, Redis, MongoDB, and vulnerable web applications.

🛡️Recommended Actions

1Enforce multi-factor authentication (MFA) for all users

2Use IMDSv2 in AWS to secure cloud environments

3Ensure proper authentication for Docker and Kubernetes services

📦Affected Products

Vercel Next.JsFacebook ReactControl-Webpanel Webpanel

🔐NVD Verified DataVERIFIED

CVE-2025-29927 ↗CVSS 9.1 — CRITICAL

Attack Vector

NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Weaknesses

CWE-863CWE-285

Affected Products (CPE)

Vercel Next.Js

Patches & References

🔧 https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3…🔧 https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022…📋 https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-m…

CVE-2025-55182 ↗CVSS 10 — CRITICAL

Attack Vector

NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Weaknesses

CWE-502

Affected Products (CPE)

Facebook ReactVercel Next.Js

Patches & References

🔧 https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-r…🔧 http://www.openwall.com/lists/oss-security/2025/12/03/4 📋 https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-r…📋 https://www.facebook.com/security/advisories/cve-2025-55182

CVE-2026-1357 ↗CVSS 9.8 — CRITICAL

Attack Vector

NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE-434

CVE-2025-9501 ↗CVSS 9 — CRITICAL

Attack Vector

NETWORK

Complexity

HIGH

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVE-2025-48703 ↗CVSS 9 — CRITICAL

Attack Vector

NETWORK

Complexity

HIGH

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Weaknesses

CWE-78

Affected Products (CPE)

Control-Webpanel Webpanel

Read the full article

This is a curated summary. The complete article is available at Bleeping Computer.

Read on Bleeping Computer ↗

← Back to feed