Experts warn this critical PHP vulnerability could be set to become a global problem


  • Cisco Talos recently reported a bug in PHP-CGI being used in attacks against Japanese firms
  • GreyNoise said the attacks are being seen worldwide, and called for "immediate action"
  • A patch was released in the summer of 2024, so update now

Cybersecurity researchers from Cisco Talos recently reported active exploitation of a critical PHP-CGI vulnerability that could soon become a “global problem”, and, building on those findings, experts from GreyNoise have now added that “immediate action” is needed to tackle the threat.

In its report, GreyNoise noted how Cisco Talos recently observed threat actors targeting Japanese organizations through CVE-2024-4577, a critical remote code execution (RCE) flaw in PHP running in CGI mode on Windows, for which 79 public exploits are available. Cisco Talos said the unnamed threat actor used the bug to steal credentials and establish persistence on the target systems, “indicating the likelihood of future attacks.”

“While Talos focused on victimology and attacker tradecraft, GreyNoise telemetry reveals a far wider exploitation pattern demanding immediate action from defenders globally,” the report said.

The US, Singapore, and other targets

Cisco Talos said the threat actors were exploiting the flaw to drop Cobalt Strike beacons, and conduct post-exploitation activities using the TaoWu toolkit.

However, GreyNoise said the flaw was being abused in multiple places around the world, including the United States, Singapore, Japan, and other countries.

The activity picked up in January this year, with GreyNoise’s Global Observation Grid (a worldwide network of honeypots) detecting 1,089 unique IP addresses attempting to exploit CVE-2024-4577 in January 2025 alone. These are unique sources, not necessarily distinct threat actors, since a single operator often rotates through many addresses.

Over 40% (43%) of the IPs targeting CVE-2024-4577 in the past 30 days came from either Germany or China, GreyNoise said.

Cisco Talos has released guidance to help businesses with internet-facing Windows systems exposing PHP-CGI mitigate the threat and defend against potential attacks. A patch has been available since June 2024 (PHP 8.3.8, 8.2.20 and 8.1.29 fix the bug), so this is exploitation of a long-fixed flaw, and GreyNoise added that defenders should run retro-hunts over their web server logs to identify similar exploitation patterns.
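For the retro-hunt GreyNoise recommends, the following is an added example (written for this page, not code from Cisco Talos, GreyNoise or the PHP project) of a small Python log scanner that flags CVE-2024-4577 exploitation attempts in Apache/nginx "combined" access logs. It relies on the publicly documented mechanism of the bug: on Windows, the byte 0xAD (soft hyphen) in a query string is converted to an ASCII hyphen by Best-Fit character mapping, so a percent-encoded `%AD` followed by a letter reaches php-cgi as a command-line switch such as `-d`, which public exploits use to set `allow_url_include` and `auto_prepend_file`. The log lines and IP addresses below are constructed for illustration; the log format regex, severity tiers and function names are this example's own assumptions.

```python
import re
from typing import Dict, List, Optional, Set
from urllib.parse import unquote_to_bytes

# Apache/nginx "combined" access-log format; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Byte 0xAD (U+00AD SOFT HYPHEN) is Best-Fit mapped to "-" on Windows, turning the
# following letter into a php-cgi switch. This is the CVE-2024-4577 signature.
SOFT_HYPHEN_FLAG = re.compile(rb"\xad\s*[A-Za-z]")

# php.ini directives that public exploits set via "-d" to reach code execution.
SUSPECT_DIRECTIVES = re.compile(
    rb"(allow_url_include|auto_prepend_file|cgi\.force_redirect|disable_functions)",
    re.IGNORECASE,
)

# A literal "-x" switch at an argument boundary (the older php-cgi argument-injection
# style); lower confidence on its own, but worth a look when paired with the directives.
LITERAL_FLAG = re.compile(rb"(^|\s)-[A-Za-z]")


def normalise_query(target: str) -> bytes:
    """Percent-decode the query into raw bytes (so 0xAD survives as a byte, not text)
    and treat '+' as an argument separator, mirroring how the CGI layer splits the
    query string into argv for php-cgi."""
    _path, _, query = target.partition("?")
    return unquote_to_bytes(query).replace(b"+", b" ")


def classify(target: str) -> Optional[str]:
    """Return 'high', 'medium' or None for a request target."""
    query = normalise_query(target)
    if SOFT_HYPHEN_FLAG.search(query):
        return "high"    # soft hyphen promoted to a switch: CVE-2024-4577 pattern
    if SUSPECT_DIRECTIVES.search(query) and LITERAL_FLAG.search(query):
        return "medium"  # literal "-d directive=value" injection attempt
    return None


def scan_access_log(lines: List[str]) -> List[Dict[str, str]]:
    """Run the classifier over raw log lines and return the suspicious requests.
    Note: the PHP payload itself travels in the POST body (auto_prepend_file=php://input),
    which access logs do not record; the query string is the only trace left here."""
    findings: List[Dict[str, str]] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        severity = classify(m["target"])
        if severity is None:
            continue
        findings.append({
            "ip": m["ip"],
            "timestamp": m["ts"],
            "method": m["method"],
            "target": m["target"],
            "status": m["status"],
            "severity": severity,
        })
    return findings


def unique_source_ips(findings: List[Dict[str, str]]) -> Set[str]:
    """Distinct source addresses, the same unit GreyNoise counts (not distinct actors)."""
    return {f["ip"] for f in findings}


# Constructed sample log lines (documentation-range addresses, hypothetical timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Jan/2025:09:12:41 +0000] "POST /php-cgi/php-cgi.exe'
    '?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1"'
    ' 200 512 "-" "python-requests/2.31"',
    '198.51.100.23 - - [14/Jan/2025:09:13:02 +0000] "GET /index.php?page=about HTTP/1.1"'
    ' 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.45 - - [15/Jan/2025:22:40:10 +0000] "POST /test.php'
    '?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input HTTP/1.1"'
    ' 500 0 "-" "curl/8.4.0"',
]

if __name__ == "__main__":
    hits = scan_access_log(SAMPLE_LOG)
    for hit in hits:
        print(f'{hit["severity"]:6} {hit["ip"]:15} {hit["timestamp"]} {hit["target"]}')
    print("unique source IPs:", sorted(unique_source_ips(hits)))
```

Matching on the decoded bytes rather than the raw URL is deliberate: `%AD`, `%ad` and a UTF-8 `%C2%AD` all decode to a byte sequence containing 0xAD, so a single pattern covers the encodings an attacker might try, and any hit in the "high" tier on an internet-facing Windows host running PHP-CGI should be treated as a likely compromise rather than a probe.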

Via The Record


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
