React/Next.js Server Actions deserialisation ("React2Shell") — weaponised by PCPJack worm

cve · CVE-2025-55182

Coverage timeline

first 2026-05-10 → last 2026-05-10

Briefs

1 distinct

Sources cited

4 hosts

Sections touched

—

Co-occurring entities

no co-occurrence

Story timeline

2026-05-10CTI Daily Brief — 2026-05-10

Source distribution

nvd.nist.gov5 (62%)
securityweek.com1 (12%)
sentinelone.com1 (12%)
thehackernews.com1 (12%)

External references

NVD · cve.org · CISA KEV

All cited sources (8)

sentinelone.comprimaryinlineSentinelLabs, 2026-05-07https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/
source profile · cited in 2026-05-10
nvd.nist.govinlineCVE-2025-55182https://nvd.nist.gov/vuln/detail/CVE-2025-55182
cited in 2026-05-10
nvd.nist.govinlineCVE-2025-29927https://nvd.nist.gov/vuln/detail/CVE-2025-29927
cited in 2026-05-10
nvd.nist.govinlineCVE-2025-48703https://nvd.nist.gov/vuln/detail/CVE-2025-48703
cited in 2026-05-10
nvd.nist.govinlineCVE-2025-9501https://nvd.nist.gov/vuln/detail/CVE-2025-9501
cited in 2026-05-10
nvd.nist.govinlineCVE-2026-1357https://nvd.nist.gov/vuln/detail/CVE-2026-1357
cited in 2026-05-10
securityweek.cominlineSecurityWeek, 2026-05-08https://www.securityweek.com/pcpjack-worm-removes-teampcp-infections-steals-credentials/
source profile · cited in 2026-05-10
thehackernews.cominlineThe Hacker News, 2026-05-07https://thehackernews.com/2026/05/pcpjack-credential-stealer-exploits-5.html
cited in 2026-05-10

Items in briefs about React/Next.js Server Actions deserialisation ("React2Shell") — weaponised by PCPJack worm

No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.