Critical PHP Vulnerability Under Widespread Cyberattack
A critical PHP vulnerability affecting Windows systems, CVE-2024-4577, is now under mass exploitation in multiple countries, including the U.S. and the U.K., according to GreyNoise. The flaw, originally disclosed last June, has been leveraged by various malware campaigns, including TellYourPass ransomware.
Recent attacks in Japan were attributed to an unknown threat actor, but new reports suggest a broader wave of exploitation. Security experts warn that the vulnerability remains a prime target for cybercriminals, emphasizing the urgent need for patching and mitigation measures.
Trump Administration Halts Funding for Two Cybersecurity Efforts, Including One for Elections
The Trump administration has cut millions in federal funding for two cybersecurity programs, including a major initiative supporting state and local election officials. The decision, which impacts funding for the nonprofit Center for Internet Security, is part of a broader move to limit federal involvement in election security.
CISA also recently placed more than a dozen election-related staffers on administrative leave and shut down an FBI task force focused on foreign election interference. Critics warn that these rollbacks could leave the U.S. more vulnerable to cyber threats ahead of the upcoming elections.
Elon Musk Blames ‘Massive Cyberattack’ for Widespread X Outage
Social media platform X suffered a major outage on March 10, with tens of thousands of users unable to access the site. Owner Elon Musk blamed the disruption on a “massive cyberattack,” suggesting that a well-funded group or nation-state may have been involved.
The outage, which peaked around 10 a.m. EST, affected both the X app and website, with intermittent service disruptions continuing throughout the day. As frustrated users flocked to alternative platforms like Threads and Bluesky, concerns grew over the security of X’s infrastructure.
