VulnHub

Real-time Cybersecurity News

New PCPJack worm steals credentials, cleans TeamPCP infections

BleepingComputer
Actively Exploited
Malware

Overview

A new malware known as PCPJack has emerged, targeting exposed cloud infrastructure to steal user credentials. This worm not only pilfers sensitive information but also actively works to remove any existing access that the earlier TeamPCP malware had established on infected systems. The implications of PCPJack are significant, as it compromises cloud security and can lead to further unauthorized access and data breaches. Organizations with vulnerable cloud setups are particularly at risk, as the worm exploits weaknesses to gain access. Users and companies must bolster their security measures to protect against this evolving threat.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Exposed cloud infrastructure, TeamPCP infections
  • Action Required: Organizations should enhance cloud security protocols, monitor for unauthorized access, and remove any traces of TeamPCP infections.
  • Timeline: Newly disclosed

Original Article Summary

A new malware framework called PCPJack is stealing credentials from exposed cloud infrastructure while actively removing TeamPCP's access to the systems. [...]

Impact

Exposed cloud infrastructure, TeamPCP infections

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations should enhance cloud security protocols, monitor for unauthorized access, and remove any traces of TeamPCP infections.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Read Original Article

Related Coverage

Malware Found in Laravel-Lang Composer Packages After Git Tag Poisoning Attack

Security Affairs

Recently, attackers compromised four Laravel-Lang Composer packages, which are widely used for providing translation and localization files in Laravel applications. By rewriting over 700 Git tags linked to historical versions, they managed to inject malware into these packages, potentially affecting numerous Laravel apps. This incident poses a significant risk to developers using Laravel-Lang, as the malware could lead to unauthorized access or other security breaches in their applications. Users of these packages should take immediate action to ensure their systems are not vulnerable and consider removing or updating the compromised packages. This situation serves as a reminder for developers to monitor the integrity of their dependencies closely.

May 26, 2026

High-severity SharePoint RCE bug patched by Microsoft (CVE-2026-45659)

Help Net Security

Microsoft has patched a serious remote code execution vulnerability in SharePoint, identified as CVE-2026-45659. This flaw impacts SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016. The vulnerability arises from the way SharePoint handles untrusted data, allowing an authenticated attacker to execute code on a vulnerable server without requiring any user interaction. The simplicity of the attack makes it particularly concerning, as it poses a risk to organizations using these versions of SharePoint. Companies should prioritize applying the patches to safeguard their systems from potential exploitation.

May 26, 2026

MFA Prompt Bombing: Why Your Second Factor Isn't Saving You

The Hacker News

Multi-factor authentication (MFA) was designed to enhance security by requiring users to provide a second form of verification, making it harder for attackers to gain access to accounts. However, researchers have found that some attackers are using a technique called MFA prompt bombing, where they bombard users with repeated authentication requests until they inadvertently approve one. This method takes advantage of users being overwhelmed and mistakenly granting access. As a result, organizations that rely solely on MFA may be putting themselves at risk, as this approach can easily bypass the intended security measures. It's essential for companies to educate their employees about this tactic and consider additional security layers to protect against unauthorized access.

May 26, 2026

Iran-Linked Hackers Target US Aviation with Phishing and SEO Poisoning Campaign

Infosecurity Magazine

Iranian hackers, known as Nimbus Manticore, have launched a campaign targeting U.S. aviation through phishing attacks and SEO poisoning. They are distributing a malicious backdoor called MiniFast, which is designed to exploit vulnerabilities in systems related to aviation. This campaign poses a significant risk to the aviation sector, as it could potentially allow attackers to gain unauthorized access to sensitive information and disrupt operations. The use of AI to create the MiniFast backdoor indicates a sophisticated approach to cyberattacks, raising concerns about the evolving tactics of state-sponsored hacking groups. Companies in the aviation industry need to be vigilant and enhance their cybersecurity measures to protect against such threats.

May 26, 2026

CISA orders feds to patch actively exploited Drupal vulnerability

BleepingComputer

The Cybersecurity and Infrastructure Security Agency (CISA) has mandated that U.S. government agencies address a critical SQL injection vulnerability in the Drupal content management system by Wednesday evening. This vulnerability, which has been flagged as actively exploited, poses a significant risk to the security of servers running Drupal. Government organizations must act swiftly to protect their systems from potential attacks that could exploit this weakness. The urgency of this directive highlights the ongoing challenges faced by agencies in maintaining secure web platforms, especially as attackers increasingly target widely used software like Drupal. Ensuring that these systems are patched is essential to safeguard sensitive data and maintain operational integrity.

May 26, 2026

Anthropic’s restricted Claude Mythos model may be coming to Claude Code

BleepingComputer

Anthropic is reportedly getting ready to release its Mythos model, which was initially announced in April as a restricted version due to its potential security risks. This model poses significant threats to both private and public software, raising concerns among developers and users about its implications for security. The rollout of such a model could lead to vulnerabilities being exploited if not properly managed. As the technology moves closer to public availability, it’s crucial for stakeholders to understand the risks and prepare accordingly. The situation emphasizes the need for careful consideration in how AI models are deployed, especially those that can impact software security.

May 25, 2026