Operation PCPcat is a large-scale cyber espionage campaign exploiting vulnerabilities in React frameworks to compromise servers and steal credentials. The attack involves automated scans, exploit chains, and a central C2 server to maintain persistence and expand infection, posing significant risks to modern web infrastructure.
#CVE-2025-29927 #CVE-2025-66478 #ReactServers #CredentialTheft #OperationPCPcat
Keypoints
- The campaign targets React-based systems, including Next.js and React Servers, exploiting undocumented vulnerabilities for remote code execution.
- Operation PCPcat compromised over 59,000 servers within 48 hours, a success rate of approximately 64.6% of scanned IPs.
- The malware deployed is a credential stealer that exfiltrates sensitive data like environment files, SSH keys, and cloud credentials.
- Attackers utilize a centralized command-and-control server in Singapore for coordination and data collection.
- Organizations should audit configurations, rotate credentials, monitor traffic, and employ detection tools to mitigate such large-scale threats.
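To support the audit and credential-rotation steps above, the following added example (not code from the article or the campaign analysis) builds a rotation worklist of the credential types the summary lists: environment files, SSH keys and cloud credentials. The specific file names and the scanned root directory are assumptions; adjust them to the host being audited.

```python
import os
import stat
import tempfile
from pathlib import Path

# Assumed file names for the categories the summary lists (not from the page).
CLOUD_SUFFIXES = (".aws/credentials",
                  ".config/gcloud/application_default_credentials.json")

def classify(path):
    """Return the credential category for a file, or None."""
    if path.name == ".env" or path.name.startswith(".env."):
        return "env_file"
    if path.as_posix().endswith(CLOUD_SUFFIXES):
        return "cloud_credentials"
    try:
        with path.open("rb") as fh:
            head = fh.read(64)
    except OSError:
        return None
    # PEM and OpenSSH private keys both start with a BEGIN ... PRIVATE KEY line.
    if head.startswith(b"-----BEGIN ") and b"PRIVATE KEY-----" in head:
        return "private_key"
    return None

def inventory(root):
    """Walk root and list credential files to rotate after a suspected compromise."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = Path(dirpath) / fname
            try:
                st = path.lstat()
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):  # skip symlinks, sockets, devices
                continue
            kind = classify(path)
            if kind:
                findings.append({"path": str(path), "kind": kind,
                                 "loose_perms": bool(st.st_mode & 0o077),
                                 "mtime": int(st.st_mtime)})
    return sorted(findings, key=lambda f: f["path"])

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
        (Path(tmp) / ".env.production").write_text("API_KEY=constructed\n")
        for item in inventory(tmp):
            print(item)
```

Every secret stored in a listed file should be treated as exposed and rotated at its issuer; `loose_perms` additionally flags files readable by group or other users.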
Read More: https://thecyberexpress.com/pcpcat-react-servers-nextjs-breach/