New PCPJack worm steals credentials, cleans TeamPCP infections
… SentinelLabs researchers note that PCPJack is exploiting the following vulnerabilities: CVE-2025-29927: auth bypass in Next.js middleware via crafted header CVE-2025-55182 “ React2Shell ” : Server Actions deserialization flaw in React and Next.js CVE-2026-1357: unauthenticated file upload in WPVivi… …