The PCPJack threat actor has compromised 230 cloud compute instances across AWS, GCP, and Azure, converting them into a synchronized SMTP relay network that updates downstream consumers every five minutes. No CVE is assigned; the attack vector is credential exposure and cloud misconfiguration rather than a patched vulnerability. Any organization operating cloud compute with weak IAM hygiene or internet-exposed management interfaces is at direct risk of infrastructure abuse.