W3 Total Cache PHP injection via mfunc comment processor — weaponised by PCPJack worm
cve · CVE-2025-9501
- Coverage timeline: 3 (first 2026-05-10 → last 2026-05-10)
- Briefs: 3 (3 distinct)
- Sources cited: 44 (31 hosts)
- Sections touched: 0
- Co-occurring entities: 0 (no co-occurrence)
Story timeline
- 2026-05-19: CTI Daily Brief — 2026-05-19
- 2026-05-10: CTI Daily Brief — 2026-05-10
- 2026-W19: CTI Weekly Summary — 2026-W19 (May 04 – May 10, 2026)
Source distribution
- nvd.nist.gov: 5 (11%)
- thehackernews.com: 4 (9%)
- cisa.gov: 2 (5%)
- ico.org.uk: 2 (5%)
- research.checkpoint.com: 2 (5%)
- securityweek.com: 2 (5%)
- theregister.com: 2 (5%)
- unit42.paloaltonetworks.com: 2 (5%)
- other: 23 (52%)
External references
All cited sources (44)
- sentinelone.com · primary · inline · SentinelLabs · https://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/
- attack.mitre.org · inline · CVE-2020-1472 (ZeroLogon, T1068) · https://attack.mitre.org/techniques/T1068/
- bankinfosecurity.com · inline · BankInfoSecurity, 2026-05-11 · https://www.bankinfosecurity.com/tables-turned-gentlemen-ransomware-group-suffers-data-leak-a-31654
- bleepingcomputer.com · inline · BleepingComputer, 2026-05-13 · https://www.bleepingcomputer.com/news/security/windows-bitlocker-zero-day-gives-access-to-protected-drives-poc-released/
- blog.calif.io · inline · Calif/Codex, 2026-06-02 · https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb
- blog.checkpoint.com · inline · Check Point Research, 2026-05-08 · https://blog.checkpoint.com/research/cyber-threats-spike-in-april-2026-as-ransomware-expands-and-attack-volumes-climb-after-short-lived-moderation/
- checkmarx.com · inline · Checkmarx, 2026-05-12 · https://checkmarx.com/blog/ongoing-security-updates/
- cisa.gov · inline · CISA, 2026-06-10 · https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk
- cisa.gov · inline · CISA, 2026-06-10 · https://www.cisa.gov/news-events/news/patch-smarter-not-harder
- eba.europa.eu · inline · EBA, 2026-06-03 · https://www.eba.europa.eu/publications-and-media/press-releases/esas-publish-first-report-dora-major-ict-related-incidents
- eiopa.europa.eu · inline · EIOPA, 2026-06-03 · https://www.eiopa.europa.eu/esas-publish-first-report-dora-major-ict-related-incidents-2026-06-03_en
- enisa.europa.eu · inline · ENISA press release, 2026-05-06 · https://www.enisa.europa.eu/news/new-cve-numbering-authorities-under-enisa-root
- github.com · inline · GitHub `Bedrock-Safeguard/gentlemen-decryptor` · https://github.com/Bedrock-Safeguard/gentlemen-decryptor
- hipaajournal.com · inline · HIPAA Journal · https://www.hipaajournal.com/xsolis-data-breach/
- ico.org.uk · inline · ICO notice, 2026-05-11 · https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2026/05/fine-of-nearly-1m-issued-against-south-staffordshire-plc-and-south-staffordshire-water-plc/
- ico.org.uk · inline · ICO · https://ico.org.uk/action-weve-taken/enforcement/2026/05/debbie-okparavero-and-maliha-islam-proceeds-of-crime-act/
- isc.sans.edu · inline · SANS Internet Storm Center, 2026-05-18 · https://isc.sans.edu/diary/rss/32994
- news.risky.biz · inline · Risky Business News bulletin · https://news.risky.biz/risky-bulletin-dutch-police-take-down-giant-botnet-of-17-million-devices/
- nltimes.nl · inline · NL Times English summary · https://nltimes.nl/2026/05/28/ncsc-dutch-police-disrupt-global-botnet-controlled-via-netherlands-based-servers
- nvd.nist.gov · inline · CVE-2025-9501 · https://nvd.nist.gov/vuln/detail/CVE-2025-9501
- nvd.nist.gov · inline · CVE-2025-29927 · https://nvd.nist.gov/vuln/detail/CVE-2025-29927
- nvd.nist.gov · inline · CVE-2025-48703 · https://nvd.nist.gov/vuln/detail/CVE-2025-48703
- nvd.nist.gov · inline · CVE-2025-55182 · https://nvd.nist.gov/vuln/detail/CVE-2025-55182
- nvd.nist.gov · inline · CVE-2026-1357 · https://nvd.nist.gov/vuln/detail/CVE-2026-1357
- ox.security · inline · OX Security, 2026-05-17 · https://www.ox.security/blog/new-actors-deploy-shai-hulud-clones-teampcp-copycats-are-here/
- politie.nl · inline · Cybercrime Team of the Dutch Politie Unit The Hague and the NCSC.nl jointly took down the Asocks residential-proxy infrastructure · https://www.politie.nl/nieuws/2026/mei/28/06-politie-en-ncsc-halen-groot-botnetwerk-offline.html
- research.checkpoint.com · inline · Check Point Research, 2026-06-17 · https://research.checkpoint.com/2026/from-stars-to-upvotes-fake-reputation-fueling-a-crypto-clipboard-hijacker/
- research.checkpoint.com · inline · Check Point Research, 2026-05-13 · https://research.checkpoint.com/2026/thus-spoke-the-gentlemen/
- securelist.com · inline · Kaspersky Securelist — Exploits and Vulnerabilities Q1 2026 · https://securelist.com/vulnerabilities-and-exploits-in-q1-2026/119733/
- security-hub.ncsc.admin.ch · inline · NCSC-CH Security Hub #12574, 2026-05-14 · https://security-hub.ncsc.admin.ch/#/posts/12574
- securityaffairs.com · inline · Security Affairs · https://securityaffairs.com/194067/cyber-crime/xsolis-data-breach-impacts-1-4-million-people.html
- securityweek.com · inline · SecurityWeek, 2026-05-08 · https://www.securityweek.com/pcpjack-worm-removes-teampcp-infections-steals-credentials/
- securityweek.com · inline · SecurityWeek, 2026-06-23 · https://www.securityweek.com/russian-initial-access-broker-behind-fortibleed-campaign/
- spycloud.com · inline · SpyCloud, 2026-06-19 · https://spycloud.com/blog/what-spycloud-found-inside-the-fortibleed-threat-actor-infrastructure/
- thehackernews.com · inline · The Hacker News, 2026-05-18 · https://thehackernews.com/2026/05/four-malicious-npm-packages-deliver.html
- thehackernews.com · inline · The Hacker News, 2026-05-07 · https://thehackernews.com/2026/05/pcpjack-credential-stealer-exploits-5.html
- thehackernews.com · inline · The Hacker News, 2026-06-04 · https://thehackernews.com/2026/06/fluttershell-backdoor-spreads-to-macos.html
- thehackernews.com · inline · The Hacker News, 2026-06-23 · https://thehackernews.com/2026/06/fortibleed-targeted-fortigate-firewalls.html
- therecord.media · inline · The Record's reporting · https://therecord.media/uk-water-company-had-hackers-lurking-for-years
- theregister.com · inline · The Register, 2026-05-11 · https://www.theregister.com/cyber-crime/2026/05/11/ico-fines-south-staffordshire-963k-over-2022-breach/5237875
- theregister.com · inline · The Register, 2026-05-13 · https://www.theregister.com/security/2026/05/13/disgruntled-researcher-releases-two-more-microsoft-zero-days/5239758
- trendmicro.com · inline · Trend Micro · https://www.trendmicro.com/en_us/research/26/b/openclaw-skills-used-to-distribute-atomic-macos-stealer.html
- unit42.paloaltonetworks.com · inline · Unit 42, 2026-06-02 · https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/
- unit42.paloaltonetworks.com · inline · Unit 42, 2026-06-23 · https://unit42.paloaltonetworks.com/openclaw-ai-supply-chain-risk/
Items in briefs about W3 Total Cache PHP injection via mfunc comment processor — weaponised by PCPJack worm
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.