Attacks Exploiting ‘Critical’ PHP Vulnerability Have Impacted US: Researcher

Attacks exploiting a critical vulnerability in PHP, identified as CVE-2024-4577, have been detected by the threat intelligence firm GreyNoise. This flaw allows remote code execution on Windows servers using Apache and PHP-CGI with certain code page parameters. Attackers are using tools to gain system privileges, modify registry keys, add scheduled tasks to ensure persistence, and create malicious services with plugins from the Cobalt Strike 'TaoWu' kit. In January 2025, GreyNoise detected 1,089 unique IP addresses attempting to exploit this vulnerability, with 79 public exploits available.