PHP Under Attack
ID: 47124c0f-bc54-588d-b240-ffe0ba61accb
STIX ID: report--47124c0f-bc54-588d-b240-ffe0ba61accb
Feed Name: Canary Trap
A critical PHP remote code execution vulnerability (CVE-2024-4577) affecting Windows-based PHP installations has been actively exploited worldwide since June 2024. GreyNoise telemetry shows large-scale automated scanning and attack spikes in January and February 2025 (1,089 unique attacking IPs in January, with more than 40% from Germany and China). Cisco Talos links the flaw to targeted intrusions against Japanese telecom, technology, and education sectors using Cobalt Strike TaoWu plug-ins.
