WPVivid Backup unauthenticated file upload — weaponised by PCPJack worm
cve · CVE-2026-1357
Coverage timeline
3
first 2026-05-10 → last 2026-05-10
Briefs
3
3 distinct
Sources cited
12
7 hosts
Sections touched
0
—
Co-occurring entities
0
no co-occurrence
Story timeline
- 2026-05-19CTI Daily Brief — 2026-05-19
- 2026-05-10CTI Daily Brief — 2026-05-10
- 2026-W19CTI Weekly Summary — 2026-W19 (May 04 – May 10, 2026)
Source distribution
- nvd.nist.gov5 (42%)
- thehackernews.com2 (17%)
- checkmarx.com1 (8%)
- isc.sans.edu1 (8%)
- ox.security1 (8%)
- securityweek.com1 (8%)
- sentinelone.com1 (8%)
External references
All cited sources (12)
- sentinelone.comprimaryinlineSentinelLabshttps://www.sentinelone.com/labs/cloud-worm-evicts-teampcp-and-steals-credentials-at-scale/
- checkmarx.cominlineCheckmarx, 2026-05-12https://checkmarx.com/blog/ongoing-security-updates/
- isc.sans.eduinlineSANS Internet Storm Center, 2026-05-18https://isc.sans.edu/diary/rss/32994
- nvd.nist.govinlineCVE-2026-1357https://nvd.nist.gov/vuln/detail/CVE-2026-1357
- nvd.nist.govinlineCVE-2025-29927https://nvd.nist.gov/vuln/detail/CVE-2025-29927
- nvd.nist.govinlineCVE-2025-48703https://nvd.nist.gov/vuln/detail/CVE-2025-48703
- nvd.nist.govinlineCVE-2025-55182https://nvd.nist.gov/vuln/detail/CVE-2025-55182
- nvd.nist.govinlineCVE-2025-9501https://nvd.nist.gov/vuln/detail/CVE-2025-9501
- ox.securityinlineOX Security, 2026-05-17https://www.ox.security/blog/new-actors-deploy-shai-hulud-clones-teampcp-copycats-are-here/
- securityweek.cominlineSecurityWeek, 2026-05-08https://www.securityweek.com/pcpjack-worm-removes-teampcp-infections-steals-credentials/
- thehackernews.cominlineThe Hacker News, 2026-05-18https://thehackernews.com/2026/05/four-malicious-npm-packages-deliver.html
- thehackernews.cominlineThe Hacker News, 2026-05-07https://thehackernews.com/2026/05/pcpjack-credential-stealer-exploits-5.html
Items in briefs about WPVivid Backup unauthenticated file upload — weaponised by PCPJack worm
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.