Honeypots have detected probes for a PHP vulnerability CVE-2024-4577, first found by Orange Tsai and elaborated by Watchtwr Labs. The vulnerability, which could potentially lead to OS command injection when PHP is used in CGI mode, allows attackers to bypass the Apache escape process. An exploit matching this pattern was detected. PHP released updates last week to address the vulnerability.
Iran-linked hackers disrupt operations at US critical infrastructure sites
Hackers working on behalf of the Iranian government are disrupting operations at multiple US critical infrastructure sites, likely in response to the country’s ongoing war
