Scworld
Operation PCPcat Compromises Over 59,000 Next.js/React Servers
First seen 24 Dec 2025, 07:02 UTC
•

•75% similarity
•42.3
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
Operation PCPcat has compromised 59,128 Next.js and React servers in under 48 hours, exploiting critical vulnerabilities CVE-2025-29927 and CVE-2025-66478. The attackers utilized prototype pollution in JSON payloads to achieve a 64.6% success rate across 91,505 scanned targets, deploying PCPCat scanners via react.py malware.
ThreatCluster AI