A sophisticated attack campaign attributed to a group identifying as “PCP” has compromised 59,128 servers in less than 48 hours by exploiting critical Next.js vulnerabilities.
Security researchers discovered the large-scale operation while monitoring a Docker honeypot, uncovering an industrialized attack infrastructure with command-and-control capabilities targeting React-based applications globally.
The campaign leverages CVE-2025-29927 and CVE-2025-66478, two critical Remote Code Execution vulnerabilities in the Next.js and React frameworks, achieving an alarming 64.6% exploitation success rate.
https://gbhackers.com/pcpcat-malware/