Exploitation of PHP-CGI RCE Vulnerability Targets Japan’s Technology, Telecommunications, and E-Commerce Industries
In a disturbing development for cybersecurity, a campaign attributed to unidentified threat actors has emerged, focusing primarily on organizations in Japan since January 2025. This malicious initiative exploits a vulnerability known as CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation on Windows systems, as reported by Cisco…