Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

Computer Help and Support

Passages

(2,418 posts) Mon Mar 10, 2025, 10:47 AM Mar 10

Bug affecting PHP scripts demands 'immediate action from defenders globally'

Joe Warminsky
March 7th, 2025

A vulnerability initially exploited mostly in cyberattacks against Japanese organizations is now a potential problem worldwide, researchers said Friday.

Threat intelligence company GreyNoise said exploitation of the bug, tracked as CVE-2024-4577, “extends far beyond initial reports,” referencing in particular a blog post published Thursday by cybersecurity firm Cisco Talos.

The Cisco Talos team had said an unknown attacker was “predominantly targeting organizations in Japan” in January through the vulnerability, which affects a setup called PHP-CGI that runs scripts on web servers. A patch was issued last summer.

The attacker’s apparent goal was to steal access credentials and potentially establish persistence in a system, “indicating the likelihood of future attacks,” Cisco Talos said.
https://therecord.media/bug-affecting-php-scripts-global-issue