Summary: A severe security vulnerability in PHP (CVE-2024-4577) is being exploited by threat actors to deploy cryptocurrency miners and remote access trojans, with a significant rise in attacks noted across several countries. The flaw particularly affects Windows-based systems operating in CGI mode, allowing remote code execution. Cybersecurity experts recommend updating PHP installations and limiting the use of certain tools like PowerShell to mitigate risks.
Affected: PHP installations on Windows-based systems
Keypoints :
- Exploitation attempts concentrated mainly in Taiwan, Hong Kong, and Brazil.
- Approximately 5% of attacks resulted in the deployment of XMRig cryptocurrency miners.
- Rival cryptojacking groups may be altering firewall settings to protect their mining operations.
- Users are advised to update PHP to the latest version and limit tool usage for enhanced security.
Source: https://thehackernews.com/2025/03/hackers-exploit-severe-php-flaw-to.html