The TeamPCP cloud worm campaign exploits both CVE-2025-55182 (React2Shell, CVSS 7.5, EPSS 98th percentile) in React/Next.js applications and misconfigured cloud management interfaces — exposed Docker APIs, Kubernetes API servers, unauthenticated Redis instances, and Ray/Anyscale dashboards — to self-propagate across Azure (61% of victims) and AWS (36%) environments with at least 185 confirmed compromised servers. Post-exploitation spans ransomware deployment, data exfiltration, cryptomining, and proxy network enrollment, representing a full-spectrum impact across business continuity, data integrity, and cost. Organizations should immediately patch CVE-2025-55182 in all React/Next.js applications, audit and restrict all exposed cloud management API surfaces, and hunt for unauthorized container deployments, new cron jobs or systemd services, and cryptomining indicators across cloud workloads.