ThreatCluster

PCPcat Malware Compromises Over 59,000 Servers via React2Shell Exploit

First seen 15 Dec 2025, 20:51 UTC GbhackersCybersecuritynews 91% similarity 42

Article Content

Browse articles
ThreatCluster

The PCPcat malware campaign has compromised more than 59,000 servers in under 48 hours by exploiting critical vulnerabilities in .js and React frameworks. It specifically targets vulnerabilities CVE-2025-29927 and CVE-2025-66478, enabling remote code execution without authentication through prototype pollution and command execution techniques.

ThreatCluster AI

Community

Browse all →