The recently disclosed CVE-2024-4577 PHP vulnerability has been rapidly weaponized by the TellYouThePass ransomware gang to breach servers and encrypt files since around June 7, 2024. Censys published a live dashboard tracking publicly exposed infected hosts, observing around 1,000 as of June 13, primarily geolocated in China.
The Censys Research Team first wrote about this issue in an advisory published on June 10, 2024: https://censys.com/cve-2024-4577/.
This latest blog expands upon the evolving exploitation of the vulnerability, the TellYouThePass campaign, and the team’s observations regarding compromised hosts.