Operation PCPcat Compromises Over 59,000 Next.js/React Servers

Operation PCPcat Compromises Over 59,000 Next.js/React Servers

First seen 24 Dec 2025, 07:02 UTC GbhackersCybersecuritynewsScworld 75% similarity 42.3

Article Content

Browse articles
ThreatCluster

Operation PCPcat has compromised 59,128 Next.js and React servers in under 48 hours, exploiting critical vulnerabilities CVE-2025-29927 and CVE-2025-66478. The attackers utilized prototype pollution in JSON payloads to achieve a 64.6% success rate across 91,505 scanned targets, deploying PCPCat scanners via react.py malware.

ThreatCluster AI

Community

Browse all →