Ransomware Group Exploits PHP Vulnerability Days After Disclosure

12-June-24

The TellYouThePass ransomware group began exploiting a newly disclosed PHP vulnerability (CVE-2024-4577) only days after patches were released. This flaw affects all PHP versions on Windows servers using Apache and PHP-CGI, allowing attackers to execute arbitrary code. The ransomware gang utilized this vulnerability to deploy ransomware, execute PHP code, and run HTML applications from remote servers. This incident underscores the importance of promptly applying security patches to protect against rapidly evolving threats.
