PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

Thursday, May 7, 2026 at 05:45 PM UTC·Source: The Hacker News

Updated: Thursday, May 7, 2026 at 07:00 PM UTC

Executive Summary

Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the environments. "The toolset harvests credentials from cloud, container, developer, productivity, and financial services, then exfiltrates the data through attacker-controlled infrastructure while attempting

Analysis

Source Attribution

Originally published by The Hacker News on May 7, 2026.

Related Threats

CRITICALVulnerability

Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin

Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. [...]

1h agoBleepingComputer

LOWVulnerability

Meet Fragnesia, the third Linux kernel vulnerability in a month

Linux admins reeling from handling last month’s CopyFail and last week’s Dirty Frag kernel vulnerabilities have a new headache to deal with: Fragnesia. “This is a significant vulnerability,” Robert Beggs , head of incident response firm DigitalDefence, told CSO . “It is bypassing traditional filesystem permissions that are present and enforced (for example, ‘file is owned by root’, or ‘file is rea

CVE-2026-46300

2h agoCSO Online

HIGHVulnerability

Maximum Severity Cisco SD-WAN Bug Exploited in the Wild

This is the second time this year a threat actor has leveraged a CVSS 10.0 vulnerability in Cisco's network control system.

2h agoDark Reading