A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran’s time zone or have Farsi set as the default language.

Experts say the wiper campaign against Iran materialized this past weekend and came from a relatively new cybercrime group known as TeamPCP. In December 2025, the group began compromising corporate cloud environments using a self-propagating worm that went after exposed Docker APIs, Kubernetes clusters, Redis servers, and the React2Shell vulnerability. TeamPCP then attempted to move laterally through victim networks, siphoning authentication credentials and extorting victims over Telegram.

In a profile of TeamPCP published in January, the security firm Flare said the group weaponizes exposed control planes rather than exploiting endpoints, predominantly targeting cloud infrastructure over end-user devices, with Azure (61%) and AWS (36%) accounting for 97% of compromised servers.

“TeamPCP’s strength does not come from novel exploits or original malware, but from the large-scale automation and integration of well-known attack techniques,” Flare’s Assaf Morag wrote. “The group industrializes existing vulnerabilities, misconfigurations, and recycled tooling into a cloud-native exploitation platform that turns exposed infrastructure into a self-propagating criminal ecosystem.”

On March 19, TeamPCP executed a supply chain attack against the vulnerability scanner Trivy from Aqua Security, injecting credential-stealing malware into official releases on GitHub actions. Aqua Security said it has since removed the harmful files, but the security firm Wiz notes the attackers were able to publish malicious versions that snarfed SSH keys, cloud credentials, Kubernetes tokens and cryptocurrency wallets from users.

Over the weekend, the same technical infrastructure TeamPCP used in the Trivy attack was leveraged to deploy a new malicious payload which executes a wiper attack if the user’s timezone and locale are determined to correspond to Iran, said Charlie Eriksen, a security researcher at Aikido. In a blog post published on Sunday, Eriksen said if the wiper component detects that the victim is in Iran and has access to a Kubernetes cluster, it will destroy data on every node in that cluster.

“If it doesn’t it will just wipe the local machine,” Eriksen told KrebsOnSecurity.

Aikido refers to TeamPCP’s infrastructure as “CanisterWorm” because the group orchestrates their campaigns using an Internet Computer Protocol (ICP) canister — a system of tamperproof, blockchain-based “smart contracts” that combine both code and data. ICP canisters can serve Web content directly to visitors, and their distributed architecture makes them resistant to takedown attempts. These canisters will remain reachable so long as their operators continue to pay virtual currency fees to keep them online.

Eriksen said the people behind TeamPCP are bragging about their exploits in a group on Telegram and claim to have used the worm to steal vast amounts of sensitive data from major companies, including a large multinational pharmaceutical firm.

“When they compromised Aqua a second time, they took a lot of GitHub accounts and started spamming these with junk messages,” Eriksen said. “It was almost like they were just showing off how much access they had. Clearly, they have an entire stash of these credentials, and what we’ve seen so far is probably a small sample of what they have.”

Security experts say the spammed GitHub messages could be a way for TeamPCP to ensure that any code packages tainted with their malware will remain prominent in GitHub searches. In a newsletter published today titled GitHub is Starting to Have a Real Malware Problem, Risky Business reporter Catalin Cimpanu writes that attackers often are seen pushing meaningless commits to their repos or using online services that sell GitHub stars and “likes” to keep malicious packages at the top of the GitHub search page.

This weekend’s outbreak is the second major supply chain attack involving Trivy in as many months. At the end of February, Trivy was hit as part of an automated threat called HackerBot-Claw, which mass exploited misconfigured workflows in GitHub Actions to steal authentication tokens.

Eriksen said it appears TeamPCP used access gained in the first attack on Aqua Security to perpetrate this weekend’s mischief. But he said there is no reliable way to tell whether TeamPCP’s wiper actually succeeded in trashing any data from victim systems, and that the malicious payload was only active for a short time over the weekend.

“They’ve been taking [the malicious code] up and down, rapidly changing it adding new features,” Eriksen said, noting that when the malicious canister wasn’t serving up malware downloads it was pointing visitors to a Rick Roll video on YouTube.

“It’s a little all over the place, and there’s a chance this whole Iran thing is just their way of getting attention,” Eriksen said. “I feel like these people are really playing this Chaotic Evil role here.”

Cimpanu observed that supply chain attacks have increased in frequency of late as threat actors begin to grasp just how efficient they can be, and his post documents an alarming number of these incidents since 2024.

“While security firms appear to be doing a good job spotting this, we’re also gonna need GitHub’s security team to step up,” Cimpanu wrote. “Unfortunately, on a platform designed to copy (fork) a project and create new versions of it (clones), spotting malicious additions to clones of legitimate repos might be quite the engineering problem to fix.”

Update, 2:40 p.m. ET: Wiz is reporting that TeamPCP also pushed credential stealing malware to the KICS vulnerability scanner from Checkmarx, and that the scanner’s GitHub Action was compromised between 12:58 and 16:50 UTC today (March 23rd).

Cybersecurity professionals are closing out 2025 confronting yet another information-disclosure vulnerability, drawing widespread concern as threat hunters and researchers race to avoid impacts comparable to previous defects dubbed with a “bleed” suffix. 

MongoBleed — CVE-2025-14847 — is a high-severity vulnerability affecting many versions of MongoDB with default configurations that allows unauthenticated attackers to leak server memory, which could contain sensitive data including credentials or tokens. MongoDB disclosed the vulnerability Dec. 19 and worries escalated when a public proof of concept was released Dec. 26.

Multiple cybersecurity firms report the vulnerability is under active exploitation in the wild, and the Cybersecurity and Infrastructure Security Agency added the defect to its known exploited vulnerabilities catalog Monday. 

MongoDB is a nearly ubiquitous open-source database. Researchers at Wiz said 42% of cloud environments contain at least one instance of a MongoDB version vulnerable to CVE-2025-14847, including publicly exposed and internal resources. 

Shadowserver scans found almost 75,000 possibly unpatched versions of MongoDB, out of nearly 79,000 publicly exposed instances Monday. Censys said it observed more than 87,000 potentially vulnerable instances of MongoDB on Saturday. 

Countries with the highest concentration of exposed instances potentially at risk of compromise include China, the United States, Germany, France, Hong Kong, India and Singapore.

The defect, which has a CVSS rating of 8.7, is “concerning because of the scale of the install base, ease of exploitation and lack of forensic evidence left behind,” Ben Read, director of strategic threat intelligence at Wiz, told CyberScoop. “Because it’s a memory-leak vulnerability, there isn’t malware left on the disk, or any durable forensic evidence that data was accessed.”

Wiz has observed exploitation attempts and evidence of active exploitation, but hasn’t been able to attribute any of that malicious activity to a specific threat group, Read said. “We expect that it is being exploited by a wide variety of actors, based on past precedent.”

While threat hunters are on high alert, key details about attacks and the potential impact for exploitation at scale is limited.

“Real-world attack details have been oddly lacking so far,” Caitlin Condon, vice president of research at VulnCheck, told CyberScoop. 

“A lot of the current public info corpus on MongoBleed seems to be assuming that because there’s public proof of concept, exploitation is trivial, but an adversary still has to be able to get useful data out of an attack flow. I’m not sure it’s actually clear yet that that’s trivial,” she added.

Yet, attacker interest in the vulnerability is growing. As of Monday, VulnCheck is tracking more than a dozen public proof of concepts, some of which appear to be valid. 

MongoDB urges customers to upgrade to a patched version as soon as possible, noting that the potential impact is expansive with vulnerable versions dating back to 2017.

Downtime around the holidays may also be impacting visibility and delaying efforts to triage and hunt for evidence of compromise.

“Many security teams are likely to have reduced capacity this week, which may contribute to a longer tail on observed exploitation details and threat actor attribution,” Condon said.

The post MongoBleed defect swirls, stamping out hope of year-end respite appeared first on CyberScoop.

Security experts have observed a steady increase in malicious activity from a widening pool of attackers seeking to exploit React2Shell, a critical vulnerability disclosed last week in React Server Components.

Authorities are also responding to heightened concern about the defect, with the Cybersecurity and Infrastructure Security Agency shortening the deadline for agencies to patch the vulnerability to Friday. The agency previously set a deadline of Dec. 26 when it added CVE-2025-55182 to its known exploited vulnerabilities catalog last week.

Palo Alto Networks Unit 42 said more than 50 organizations are impacted by attacks involving exploitation of the vulnerability with victims observed in the United States, Asia, South America and the Middle East. 

Evidence to back up widening concern about the defect is abundant, coming from many corners of the threat research community. Attackers of various types are flocking to the opportunity, including nation-state attackers, cybercriminals, botnets, and threat groups seeking to steal cryptocurrency and deploy cryptojacking malware.

Shadowserver scans concluded the scope of potential impact is much greater than previously thought. On Monday, the organization found more than 165,000 IPs and 644,000 domains with vulnerable code placing those instances at risk of exploitation. Nearly two-thirds of those vulnerable instances are based in the United States.

“This is a one click — game over — kind of vulnerability and corresponding exploit,” Kelly Shortridge, chief product officer at Fastly, told CyberScoop. “We see it basically hitting everyone,” she said, with attackers targeting any organization with valuable data, sensitive records or business-critical applications that can be stolen or knocked down for extortion efforts. 

“Security teams are, surprisingly, not all taking this seriously. It’s pretty uneven,” and “surprising to see that kind of dismissiveness from security teams,” Shortridge said.

Half of the public resources exposed to CVE-2025-55182 remain unpatched, and in-the-wild exploitation has expanded rapidly since early Tuesday, Alon Schindel, vice president of AI and threat research at Wiz, wrote in a LinkedIn post. Wiz Research has observed more than 15 distinct intrusion clusters to date. 

Christiaan Beek, senior director of threat intelligence and analytics at Rapid7, described this as a “patch-now situation” as simultaneous exploitation is coming from across the entire threat landscape. 

“Our telemetry shows a surge in attacks, from low-skill opportunistic abuse, like Mirai bot deployments and coin-miners, to nation-state actors adapting this into their attack stack. We’re also seeing indicators linking this vulnerability exploitation to tooling previously used by ransomware groups,” he added.

Unit 42 on Tuesday said it uncovered activity that overlaps with previous attacks attributed to the North Korea threat group it tracks as Contagious Interview, which has deployed malware on the devices of people seeking jobs in the tech industry. 

Researchers at the incident response firm found evidence of compromise across many sectors, including financial services, business services, higher education, technology, government, management consulting, media and entertainment, legal services, telecom and retail.

Attempted attacks are also coming from China state-backed threat groups, according to Amazon and Unit 42. Amazon said its threat intelligence teams observed active exploitation attempts by Earth Lamia and Jackpot Panda within hours of the vulnerability’s public disclosure.

Attackers are pursuing sweeping potential impact because the vulnerability affects multiple React frameworks and bundlers that depend on React Server Components, including Next.js, React Router, Waku, Parcel RSC plugin, Vite RSC plugin, RedwoodJS and possibly others. 

VulnCheck said it has observed nearly 100 public proof-of-concepts for the vulnerability, adding that most of the current variants target Next.js. 

GreyNoise said it has observed more than 360 unique IP addresses attempting to exploit the vulnerability, and roughly two-fifths of those malicious IPs contained active payload data revealing widespread attention from automated botnets to more capable attackers, the company said. 

The malware used in these attacks is broad, highlighting the myriad objectives and techniques afoot. Unit 42 said it has observed Snowlight, Vshell, NoodlerRat, XMRIG, BPFDoor, Autocolor, Mirai and Supershell malware. 

Some researchers are comparing the React defect to Log4Shell, an exploit in Apache Log4j’s software library that drew widespread concern in 2021 that continues to bear a long-tail impact in the software supply chain. 

While React and Next.js aren’t as widely deployed as Log4Shell, according to Shortridge, the potential impact is worse and the React vulnerability is easier to weaponize as well. 

“The delivery vector is the command-and-control channel, which means once they’re in, it’s going to be really difficult to spot them, and they’re probably going to be able to blend into your normal traffic, and they’ll be able to do whatever they want,” she said. 

“You’re probably not going to know that it’s happened to you,” Shortridge said. “We are seeing some companies that didn’t think they were vulnerable are surprised to discover that, in fact, they are.”

The post Attacks pinned to critical React2Shell defect surge, surpass 50 confirmed victims appeared first on CyberScoop.

Attackers of different origins and motivations swiftly exploited a critical vulnerability dubbed React2Shell, affecting React Server Components shortly after Meta and the React team publicly disclosed the flaw with a patch Wednesday. 

Multiple security firms are responding to active exploitation in the wild as a scrum of reports conclude the malicious activity is limited to scanning and attempts instead of actual attacks. Yet, official word from the Cybersecurity and Infrastructure Security Agency is clear — the agency added CVE-2025-55182 to its known exploited vulnerabilities catalog Friday. 

Reaction to the deserialization vulnerability, which has a CVSS rating of 10 and allows unauthenticated attackers to achieve remote-code execution, has revealed a chasm in the cybersecurity research community. Threat analysts are mostly growing more concerned about downstream impacts, but some are urging defenders to respond with less urgency and restraint.

A debate over actual exploitation is muddying response efforts as some researchers say they’ve observed working proof of concepts and others assert legitimate PoCs are lacking. Nonetheless, real organizations have been impacted by attacks, according to multiple researchers investigating the fallout. 

Palo Alto Networks’ incident response firm Unit 42, watchTowr and Wiz told CyberScoop they’ve observed successful exploitation and follow-on malicious activity.

As of late Friday, Unit 42 has confirmed more than 30 organizations across various sectors are impacted. 

“Unit 42 observed threat activity we assess with high confidence is consistent with CL-STA-1015, also known as UNC5174, a group suspected to be an initial access broker with ties to the Chinese Ministry of State Security,” said Justin Moore, senior manager of threat intel research at Unit 42. 

“In this activity, we observed the deployment of Snowlight and Vshell malware, both highly consistent with Unit 42 knowledge of CL-STA-1015,” he added. 

More broadly, Moore said Unit 42 has “observed scanning for vulnerable remote-code execution, reconnaissance activity, attempted theft of Amazon Web Services configuration and credential files, as well installation of downloaders to retrieve payloads from attacker command and control infrastructure.”

Ben Harris, CEO and founder of watchTowr, said his team has observed indiscriminate exploitation, describing the malicious activity as rapid and prolific.

“Post-exploitation we’ve seen everything from basic extraction of credentials through to webshell deployments as a stepping stone to further activities,” Harris said. 

Multiple Wiz customer environments have been impacted by successful exploitation as well, according to Amitai Cohen, the company’s threat vector intel lead. 

“So far, we’ve observed deployments of cryptojacking malware and attempts to extract cloud credentials from compromised machines,” he said. “These early-stage activities are consistent with common post-exploitation objectives like resource hijacking and establishing further access.”

Researchers from multiple firms said attempted and successful exploitation has increased following the release of public PoCs. The potential scope of impact is significant, as 39% of cloud environments contain instances of React or Next.js, a separate open-source library that depends on React Server Components, running versions vulnerable to CVE-2025-55182, according to Wiz Research.

“The Next.js framework itself is present in 69% of environments, and 44% of all cloud environments have publicly exposed Next.js instances — regardless of the version running,” Cohen said.

Further complicating matters, Vercel, the company behind Next.js, disclosed and issued a patch Wednesday for its own maximum-severity vulnerability — CVE-2025-66478 — but the CVE was rejected because it’s a duplicate of the React defect, the root cause. 

Multiple threat groups are mobilizing resources to exploit the vulnerability for various objectives. 

“There are remote-code execution PoCs around now. It’s definitely already started, which means ransomware gangs follow. They don’t ignore opportunities for money,” Harris said.

Within hours of the public disclosure of the vulnerability, “Amazon threat intelligence teams observed active exploitation attempts by multiple China state-nexus threat groups, including Earth Lamia and Jackpot Panda,” CJ Moses, chief information security officer of Amazon Integrated Security, said in a blog post Thursday.

Unit 42 said it, too, is tracking attempted exploitation from several possible China-linked threat actors and cybercriminals. 

Automated, opportunistic exploitation attempts based on a publicly released PoC have been widespread, said Noah Stone, head of content at GreyNoise Intelligence. The firm’s sensors have captured malicious traffic originating from infrastructure in China, Hong Kong, the United States, Japan and Singapore targeting services based in the United States, Pakistan, India, Singapore and the United Kingdom, he said. 

VulnCheck’s decoy systems, which act as an early warning sign of vulnerability exploitation, have also observed exploitative scanning, said Caitlin Condon, the company’s vice president of research. “VulnCheck has been looking at patch rates on exposed Next.js apps, and we didn’t see a lot of patched systems,” she added.

Patching and mitigating the vulnerability isn’t without risk, either. Cloudflare said it experienced a temporary outage that was triggered by changes it made to its body parsing logic to detect and mitigate the vulnerability Friday.

As security researchers debate the viability of PoCs for the React vulnerability and visibility into actual attacks differs across the community, there’s no doubt the defect, which affects one of the most extensively used application frameworks, has captured sweeping interest and attention.

“This whole story is wild,” said Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative. “This has been a real rollercoaster.”

The post Attackers hit React defect as researchers quibble over proof appeared first on CyberScoop.

Security researchers and code developers are scrambling to patch and investigate a critical vulnerability affecting React Server Components, an open-source library used widely across the internet and embedded into many essential software frameworks.

The rapid response underscores the potential consequences of exploitation. Although no attacks have been observed or reported, researchers expect them soon and are urgently mobilizing resources to address the defect.

The vulnerability – CVE-2025-55182 – was discovered by Lachlan Davidson, a developer and lead of security innovation at Carapace, and reported to Meta on Saturday. Meta and the React team created a patch and worked with affected hosting providers to address the defect Monday before the public disclosure on Wednesday.

“The reason there’s been such a measured response to this vulnerability is because exploitation is inevitable,” Ben Harris, CEO and founder of watchTowr, told CyberScoop. “We should be expecting attackers to start exploiting this vulnerability truly imminently.” 

React is one of the most extensively used application frameworks, putting large swaths of web applications at risk. “Our data shows that these libraries can be found in vulnerable versions in around 39% of cloud environments,” said Amitai Cohen, threat vector intel lead at Wiz.

Researchers warn that exploitation of the deserialization defect is trivial and allows unauthenticated attackers to achieve remote code execution in default configurations, resulting in elevating privileges or pivots into other parts of a network. “The impact on the resources stored on that system could be devastating should things like access keys or other secrets or sensitive information be present,” said Stephen Fewer, senior principal researcher at Rapid7.

Prior to public disclosure, security researchers from Meta, which initially created and maintained React before moving the open-source library to the React Foundation in October, worked behind the scenes to notify affected organizations of the defect and shared temporary steps for mitigation such as web application firewall rules.

“While we are actively investigating and have no evidence that this vulnerability has been exploited at this time, we want to make all developers aware of this issue so they can implement the appropriate mitigations quickly,” a Meta spokesperson said in a statement.

The vulnerability affects multiple React frameworks and bundlers, including Next.js, React Router, Waku, Parcel RSC plugin, Vite RSC plugin, RedwoodJS and likely others that haven’t been identified yet, according to researchers. Vercel, the company behind Next.js, disclosed and issued a patch for its own maximum-severity vulnerability — CVE-2025-66478 — due to its dependency on React Server Components. 

Researchers from Wiz, Rapid7, watchTowr and other security firms warned that ensuing fallout from other frameworks or libraries that depend on React Server Components is likely, and long-tail impacts will persist in environments that are less maintained or difficult to update.

It’s unclear why Vercel assigned a separate CVE for Next.js since the upstream defect in React, CVE-2025-55182, is the root cause, but the vendor could be tracking impact on its own product, Fewer said. “It should not be necessary to assign a new CVE for each React-dependent framework, so long as the root cause remains the same as the original CVE-2025-55182 issue,” he added.

Cale Black, senior researcher at VulnCheck, said upstream dependency vulnerabilities tend to be handled on a per-project basis. “Projects with more mature security processes will release their own remediation guidance, and potentially over CVEs,” he said.

Meanwhile, threat hunters are steeling themselves for active exploitation and expect technical details and exploit code to be publicly available shortly. 

“With the entire internet looking at a solution that’s used everywhere to understand this vulnerability, someone will figure it out,” Harris said. “I have no doubt that by tomorrow morning, when I wake up, there will be easily one, if not more ways to reproduce this vulnerability.”

The post Developers scramble as critical React flaw threatens major apps appeared first on CyberScoop.

Security researchers and authorities are warning about a fresh wave of supply-chain attacks linked to a self-replicating worm that attackers have injected into almost 500 npm (node.js package manager) software packages, exposing more than 26,000 open-source repositories on GitHub.

The trojanized npm packages, which were first discovered late Sunday by Charlie Eriksen, security researcher at Aikido Security, were uploaded during a three-day period starting Friday and reference a new version of Shai-Hulud, malware that previously infected npm packages in September.

The campaign remains active and is compromising additional repositories, while others have been removed. Researchers haven’t observed downstream attacks originating from credentials stolen by the malware.

“However, because these credentials were publicly exposed on GitHub, it is highly likely that multiple threat actors already have access to them or will soon. This significantly increases the probability of downstream exploitation even if it has not yet appeared at scale,” Eriksen told CyberScoop.

The malware is propagating rapidly, using stolen npm tokens to infect additional packages at a level of automation and scale that is substantially higher than its previous version, approaching near self-sufficiency, Eriksen added. 

Major packages including Zapier, ENS Domains, PostHog and Postman were trojanized, allowing the attackers to populate GitHub repositories with stolen victim data, according to Wiz. Some of the packages are present in about 27% of cloud and code environments, the security firm said in a blog post Monday.

“We’ve observed multiple environments where these trojanized packages were downloaded before their removal from npm, suggesting active real-world exposure,” Merav Bar, threat researcher at Wiz, told CyberScoop. “As we saw in past attacks, we expect to see a long tail of exploitation of the exposure across both the initial and opportunistic attackers.”

The previous and current wave of Shai-Hulud attacks appear to be focused on stealing developer secrets that can be used for deeper supply-chain compromise, Bar added.

“Both waves of Shai-Hulud show how easy it is for attackers to weaponize trusted distribution paths, push malicious versions at scale, and reach thousands of downstream developers before anyone realizes something is wrong,” she said.

The timing of the latest Shai-Hulud campaign was opportunistic as well, hitting repositories just weeks before npm, a company GitHub acquired in 2020, plans to revoke classic tokens as part of a push to institute more strict security practices broadly. “This campaign would be significantly limited if these security implementations were in place,” Eriksen said.

The latest variant of Shai-Hulud creates malicious files during the preinstall phase, including a randomly named public repository containing stolen data. While the attacker references Shai-Hulud and activities resemble the previous worm, researchers at Wiz said there are some differences and attribution has not been fully confirmed.

Ron Peled, chief operating officer and co-founder of Sola Security, described npm as a low-friction package ecosystem, which makes it an appealing target for attackers. Moreover, he said, developers’ endpoints and CI/CD environments are often a blind spot for endpoint detection and response and anti-malware tools.

“Developers often store GitHub tokens, npm tokens or cloud secrets in environment variables,” Peled said. “Build systems almost always have access to powerful tokens and the malware only needs one of them to propagate.”

Attackers target open-source software for supply-chain attacks frequently, and the latest campaign marks yet another attack specifically targeting npm. Attacks are gaining maturity and complexity, building upon previous success, said Melissa Bischoping, senior director of security and product design research at Tanium. 

“Last year, everyone zeroed in on the XZ Utils compromise and how supply-chain compromise of a single open-source project could potentially hijack the entire world. In early September we had simple cryptojacking which was mostly a non-issue, but then that was quickly followed by the Shai-Hulud worm which stole credentials and further compromised security,” she added. 

“The pattern emerging is that attackers have identified open-source developers as high-value targets and have had massive success in just the last year,” Bischoping said. “Developers, even hobbyist ones, need to be prepared for continued attacks and escalation.”

The post Shai-Hulud worm returns stronger and more automated than ever before appeared first on CyberScoop.