
PCPJack credential theft framework worms across exposed cloud infrastructure

Malware Activity
Happening score: 21
1 unique source, 1 article

Summary


PCPJack is a credential-theft operation that spreads across exposed cloud infrastructure: on hosts it reaches it strips TeamPCP artifacts and steals access credentials for services such as Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web applications. The behavior increases the risk of stolen-access resale and follow-on abuse in cloud environments.

Related Happenings

TeamPCP uses Shai-Hulud release to build access-broker monetization pipeline

Threat Actor Meta
First: 18.05.2026 22:53 Last: 18.05.2026 22:53 Sources 1

About this happening: **TeamPCP** is being framed as using the **Shai-Hulud** source-code release to drive an **access broker** business, turning worm distribution into a credential-monetization pipeli...

TeamPCP campaign expands across multiple victims

Campaign
First: 15.05.2026 13:54 Last: 15.05.2026 13:54 Sources 1

About this happening: The **TeamPCP / Mini Shai-Hulud** supply-chain operation is actively compromising **hundreds of packages**, exposing **downstream developers** to **malware delivery** and **creden...

Major South Korean electronics manufacturer hit by data theft breach

Incident
First: 14.05.2026 00:59 Last: 14.05.2026 00:59 Sources 1

About this happening: A **major South Korean electronics manufacturer** suffered a **week-long intrusion** in **February 2026**, giving attackers time to conduct **reconnaissance**, **credential theft*...

PCPJack TeamPCP-targeting cloud credential theft campaign

Campaign
First: 08.05.2026 12:00 Last: 08.05.2026 12:00 Sources 1

How related: Security researchers have discovered an unusual new threat campaign designed to target victims of notorious cybercrime group TeamPCP.

About this happening: A new **PCPJack** campaign is targeting **TeamPCP victims** by **worming across exposed cloud infrastructure**, creating a fresh risk of credential theft and unauthorized reuse of...

PCPJack Linux cloud credential-theft and persistence framework

Malware Activity
First: 07.05.2026 21:35 Last: 07.05.2026 21:35 Sources 1

About this happening: The **PCPJack** malware framework is stealing credentials from **exposed Linux cloud systems**, creating a broad risk of account takeover and lateral movement. It targets services...

Timeline

  1. 08.05.2026 12:00 · 2 articles

    PCPJack is disclosed as a TeamPCP-targeting cloud credential theft framework

    Initial Disclosure

    SentinelOne described PCPJack as a credential-theft framework that targets victims of TeamPCP: it worms across exposed cloud infrastructure, removes TeamPCP artifacts, and steals credentials from Docker, Kubernetes, Redis, MongoDB, RayML, and vulnerable web applications. The activity was assessed as oriented toward monetizing stolen access rather than crypto-mining. The accompanying guidance urged enterprise credential vaults, MFA for service accounts, IMDSv2 enforcement in AWS, S3 allow-listing, authentication for the Docker and Kubernetes APIs, and least-privilege Kubernetes service accounts.
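    The guidance above boils down to "nothing PCPJack harvests from should be reachable without authentication, and the instance role should not be one GET away". The following is an added example (not code from SentinelOne or from the page) of a small exposure audit covering three of those checks: network-exposed listeners on the default ports of the services named in the report, Docker daemons serving their API over TCP without `tlsverify`, and EC2 instances whose metadata options still permit IMDSv1. The port-to-service mapping, the severities, and all sample inputs (the `ss -tlnp` lines, the `daemon.json` snippets, the `describe_instances`-shaped records) are assumptions constructed for illustration; on a real host you would feed it the actual `ss -tlnp` output, `/etc/docker/daemon.json`, and the `Reservations[].Instances[]` list returned by boto3.

```python
"""Exposure audit for the services PCPJack is reported to harvest credentials from.

Added example; not SentinelOne's or the aggregator's code. The port table,
severities and sample inputs below are assumptions constructed for illustration.
"""
import json
import re
from dataclasses import dataclass

# Assumed default ports of the services named in the report (plus kubelet and
# the Ray dashboard, which sit beside them on a typical cluster node).
RISKY_PORTS = {
    2375: "Docker API (plaintext, no TLS)",
    2376: "Docker API (TLS; confirm client-cert auth is enforced)",
    6443: "Kubernetes API server",
    10250: "kubelet API",
    6379: "Redis (also the Ray GCS default port)",
    27017: "MongoDB",
    8265: "Ray dashboard",
}
HIGH_PORTS = {2375, 6379, 27017}          # unauthenticated-by-default services
_LOOPBACK = ("127.", "[::1]", "::1")      # bound here => not network-reachable


@dataclass(frozen=True)
class Finding:
    severity: str
    subject: str
    detail: str


def parse_ss_line(line):
    """Parse one `ss -tlnp` LISTEN line into (bind_addr, port, process) or None."""
    parts = line.split()
    if len(parts) < 5 or parts[0] != "LISTEN":
        return None
    addr, _, port = parts[3].rpartition(":")      # handles 0.0.0.0:, *:, [::]:
    if not port.isdigit():
        return None
    m = re.search(r'users:\(\("([^"]+)"', parts[5] if len(parts) > 5 else "")
    return addr, int(port), (m.group(1) if m else "unknown")


def audit_listeners(ss_output):
    """Flag risky services bound to a non-loopback address."""
    findings = []
    for line in ss_output.splitlines():
        parsed = parse_ss_line(line)
        if not parsed:
            continue
        addr, port, proc = parsed
        if port not in RISKY_PORTS or addr.startswith(_LOOPBACK):
            continue
        sev = "high" if port in HIGH_PORTS else "medium"
        findings.append(Finding(sev, f"{proc} on {addr}:{port}", RISKY_PORTS[port]))
    return findings


def audit_docker_daemon(daemon_json):
    """Return a Finding if daemon.json serves the API over TCP without tlsverify."""
    cfg = json.loads(daemon_json)
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if tcp_hosts and not cfg.get("tlsverify"):
        return Finding("high", ",".join(tcp_hosts),
                       "Docker API on TCP without tlsverify: anyone who reaches it is root")
    return None


def audit_imds(instances):
    """Flag EC2 instances (describe_instances Instances[] shape) still allowing IMDSv1."""
    findings = []
    for inst in instances:
        opts = inst.get("MetadataOptions", {})
        if opts.get("HttpEndpoint") == "disabled":
            continue                                   # no IMDS at all: nothing to steal
        if opts.get("HttpTokens") != "required":       # 'optional' == IMDSv1 allowed
            findings.append(Finding("high", inst.get("InstanceId", "?"),
                                    "IMDSv1 allowed: one unauthenticated GET returns role credentials"))
    return findings


# Constructed sample inputs (not captured from any real host or account).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      4096   0.0.0.0:2375        0.0.0.0:*         users:(("dockerd",pid=812,fd=9))
LISTEN 0      511    127.0.0.1:6379      0.0.0.0:*         users:(("redis-server",pid=901,fd=6))
LISTEN 0      4096   *:27017             *:*               users:(("mongod",pid=950,fd=11))
LISTEN 0      4096   [::]:6443           [::]:*            users:(("kube-apiserver",pid=1203,fd=7))
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=600,fd=3))
"""
WEAK_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True, "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem", "tlskey": "/etc/docker/server-key.pem",
})
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0aaa", "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}},
    {"InstanceId": "i-0bbb", "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"}},
    {"InstanceId": "i-0ccc", "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional"}},
]

if __name__ == "__main__":
    docker = audit_docker_daemon(WEAK_DAEMON_JSON)
    for f in audit_listeners(SAMPLE_SS) + ([docker] if docker else []) + audit_imds(SAMPLE_INSTANCES):
        print(f"[{f.severity}] {f.subject}: {f.detail}")
```

    On the constructed sample the listener audit reports the Docker API, MongoDB and the Kubernetes API server and stays quiet about Redis, because it is bound to loopback only; the daemon.json check flags the plaintext TCP socket and accepts the TLS-verified one; and only `i-0aaa` is reported for IMDS, since `i-0ccc` has the endpoint disabled outright. A Kubernetes API server on 6443 is reported at medium rather than high because it does authenticate, but the least-privilege service-account advice in the report is what limits what a stolen token can do once PCPJack has it.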
