PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

A new credential theft framework called PCPJack has been identified targeting exposed cloud infrastructure by exploiting five CVEs to spread in a worm-like manner. The malware harvests credentials from cloud services, containers, developer tools, productivity platforms, and financial services before exfiltrating data through attacker-controlled infrastructure, while also removing competing TeamPCP

Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the environments. "The toolset harvests credentials from cloud, container, developer, productivity, and financial services, then exfiltrates the data through attacker-controlled infrastructure while attempting

Originally published at thehackernews.com

#Cloud Security #Credential Theft #Cybersecurity #Malware #Vulnerabilities #Vulnerability Exploitation

PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

Talk to an architect about applying this to your stack.

More from the journal

Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access

Anti-DDoS Firm Heaped Attacks on Brazilian ISPs

Attacks Abuse Windows Phone Link to Steal Texts & Bypass 2FA

PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems

Talk to an architect about applying this to your stack.

More from the journal

Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access

Anti-DDoS Firm Heaped Attacks on Brazilian ISPs

Attacks Abuse Windows Phone Link to Steal Texts &amp; Bypass 2FA

Attacks Abuse Windows Phone Link to Steal Texts & Bypass 2FA