Category: Full Text Articles – Audio Posts

Russian military intelligence is being held responsible for attempting to destabilize the situation in Romania by orchestrating mass protests in support of the pro-Russian presidential candidate Călin Georgescu. Riots Erupt in Bucharest After Central Electoral Bureau Rejects Călin Georgescu’s Presidential Candidacy. Evidence implicating Russian military intelligence includes Georgescu’s connection with mercenary Horatiu Potra, who is linked to figures associated with Russian influence. In September 2024, Potra flew from Moscow to Dubai, visited the Russian embassy, and was connected with “PMC Wagner.” In addition to Potra, Georgescu’s circle included Marin Burca, a former Foreign Legion fighter who collaborated with neo-nationalist movements and launched a joint business with Dorina Mihai. Mihai maintained contacts with Chechen military personnel, including General Zamid Aliyevich Chalaev, commander of the Chechen Interior Ministry’s special forces—an indirect tie to Ramzan Kadyrov. She posted photographs with Russian soldiers, including those who fought in the battles for Mariupol in 2022.

Dorina Mihai has repeatedly visited Chechnya and was recently spotted in Dubai alongside Chechen special forces. She has also publicly praised Vladimir Putin on social media.

The Romanian prosecutor’s office conducted a large-scale operation targeting Georgescu’s entourage. Law enforcement agencies carried out 47 searches in five counties, investigating 27 individuals. Potra’s group is suspected of establishing an organization with fascist, racist, and xenophobic characteristics, as well as of disseminating ideas and doctrines that promote such views in the public sphere. They actively used social networks to recruit like-minded individuals—a practice that aligns with Russian military intelligence methods for identifying and recruiting agents after February 2022.

On March 6, six individuals in Romania were arrested on suspicion of preparing a coup d’état and committing treason. They maintained contacts with agents from a foreign state, including in Russia, where they traveled several times to discuss their plans to seize power. The Romanian Ministry of Foreign Affairs has decided to expel two Russian diplomats from the country—the Military, Air, and Naval Attaché of the Russian Federation in Bucharest, as well as his deputy as Mil intel spies.

The group planned to withdraw Romania from NATO, adopt a new constitution, change the state symbols, dissolve existing political parties, and create a new government composed of their supporters. The strategic goal of the Russians is to weaken NATO and expel the Alliance from the Black Sea region.

Several indicators suggest possible Russian influence in mass protests in Romania:

1. Coordinated Disinformation Campaigns:
   • Researchers have identified social media operations that deploy narratives echoing known Russian propaganda tactics. These campaigns often push anti-EU, anti-NATO, and anti-Western messages, which can help mobilize protest movements.
2. Digital Footprint Analysis:
   • Studies of online activity during protest events have revealed networks of bots and coordinated accounts. Their behavior and messaging patterns resemble those seen in other Russian influence operations across Eastern Europe.
3. Intelligence Assessments:
   • Western intelligence agencies have warned that Russia uses hybrid warfare—including covert disinformation—to destabilize European nations. While details are typically classified, these assessments indicate that such tactics have been deployed in Romania.
4. Comparative Tactics:
   • Analysts note that the methods observed in Romania bear similarities to operations in other neighboring countries where Russian involvement is more clearly documented, suggesting a broader regional strategy.
5. Domestic Concerns:
   • Romanian officials and experts have expressed alarm over the surge of foreign-funded online propaganda, noting that such efforts appear aimed at influencing public opinion and inciting unrest.

Together, these indicators point to a pattern consistent with Russian hybrid tactics aimed at sowing discord and undermining Western cohesion. However, the precise extent of direct Russian involvement remains difficult to verify through open-source evidence alone.

Russia’s interest in destabilizing Romania can be understood through several strategic and geopolitical lenses:

1. Undermining NATO and EU Unity:
   • Romania is a key member of both NATO and the European Union. Destabilizing Romania can weaken the cohesion and effectiveness of these alliances, which Russia views as major counterweights to its influence in Eastern Europe.
2. Hybrid Warfare and Influence Operations:
   • Russia has long employed hybrid warfare tactics—combining disinformation, cyber operations, and covert political interference—to sow discord in neighboring countries. Destabilization helps create internal divisions that can be exploited to erode public trust in democratic institutions.
3. Geopolitical Leverage:
   • By fostering instability in Romania, Russia aims to create a more favorable security environment in its vicinity. This could limit the ability of Western powers to project influence in the region and might pave the way for increased Russian presence or influence.
4. Exploiting Nationalist and Populist Sentiments:
   • Russian-backed disinformation campaigns often amplify existing societal divides, including nationalist and populist sentiments. This can lead to political polarization, making it harder for the government to maintain a united front against external pressures.
5. Destabilizing the Eastern Flank:
   • A destabilized Romania could act as a “pressure valve” for Russian efforts to destabilize the broader Eastern European region. This would further complicate the security landscape for NATO, reducing the deterrence effect along Russia’s western border.

Overall, Russia’s interest in destabilization in Romania aligns with its broader strategy to weaken Western alliances, disrupt the political stability of neighboring states, and enhance its own strategic maneuverability in the region. The weakening of Romania would deprive Moldova of EU and NATO support, enabling the Kremlin to conduct more radical operations against Chișinău.

Earlier, we noted the involvement of Romanian Senator Șoșoacă with Russian military intelligence. The Kremlin had also planned to put forward her candidacy in the upcoming presidential elections.

Calin Georgescu is concerned about being labeled a pro-Russian politician for several interrelated reasons:

1. Electoral Viability:
   In Romania, public sentiment has grown increasingly wary of Russian influence, particularly in light of recent geopolitical events in Ukraine and longstanding historical tensions. Being perceived as pro-Russian could alienate voters who favor strong ties with the West, thus undermining his electoral prospects.
2. National Security Concerns:
   Many Romanians view Russia with suspicion due to its past actions and ongoing regional policies. A pro-Russian stance can raise questions about a candidate’s commitment to Romania’s national security and sovereignty, especially among a public that prioritizes strong defense alliances like NATO.
3. Political Credibility:
   In the current political climate, aligning with Russian interests can damage a politician’s credibility. It may lead to allegations of foreign interference or collusion, which can erode trust among constituents and within the broader political establishment.
4. International Relations:
   Romania’s foreign policy is closely aligned with the EU and NATO. A reputation for being pro-Russian can strain relationships with these key allies, potentially affecting both diplomatic support and economic cooperation, which are vital for Romania’s future.

Overall, the concern is that a pro-Russian label would not only hinder his domestic political ambitions but also jeopardize Romania’s strategic alignment with Western institutions, a stance that has been central to the country’s post-Cold War identity.

Russia will not be happy with what is happening next, Professor Gerdes says

Experts say the case underscores the lengths Tehran will go to in order to silence its critics

(NewsNation) — The Los Angeles district attorney said he is against resentencing for the Menendez brothers saying they “fall short” of showing “full insight” into their crimes and “completely accepting responsibility for their actions.”

District Attorney Nathan Hochman made the announcement Monday saying they will be asking the court to withdraw a resentencing motion by a previous district attorney and will present arguments in a court initiated hearing on the matter.

“They [the brothers] do not meet the standards for rehabilitation,” he said.

Hochman then went into a detailed timeline of the murders showing that the brothers maintained the self defense narrative knowing it was concocted after the killings.

“The jury was never asked to render a verdict on sexual abuse. It was all about self defense,” he said.

Hochman said there are “16 lies that remain to this day” that the brothers have maintained about self defense.

However, Hochman said he will consider resentencing in the future if the brothers “unequivocally, sincerely and fully accept complete responsibility for all their criminal actions” and acknowledge that the self defense narrative was fabricated by them.

Erik and Lyle Menendez, who have been in prison for nearly three decades after the 1989 killing of their parents, had also been pushing for a new trial. Hochman cast doubt over the evidence they cited and opposed their petition, calling the brothers’ sexual abuse claims “untrustworthy.”

The brothers’ case was re-opened in October of last year, when then-District Attorney George Gascón announced that his office would reexamine the case in light of the new evidence, which included a letter alleging sexual abuse purportedly written by Erik Menendez just months before he and his brother, Lyle, fatally shot their parents in Beverly Hills. 

Following an initial mistrial, the Menendez brothers were convicted and sentenced to life imprisonment in 1996 without possibility of parole. The brothers were 21 and 18 at the time. 

The Menendez brothers, now in their 50s, have spent nearly 30 years in prison. According to family member Tamara Goodell, they have “created careers for themselves” while incarcerated, starting numerous peer support groups and initiatives.

The case has gained new traction after Netflix began streaming the true-crime drama “Monsters: The Lyle and Erik Menendez Story.”

The Associated Press contributed to this story.

(NewsNation) — Despite a dramatic decrease in migrant encounters in the Rio Grande Valley, officials at the southern border said cartel human smuggling operations show no signs of slowing down.

Migrant apprehensions in the area have dropped to just around 100 per day under the Trump administration — a stark contrast to the reported 2,000 daily crossings just a year ago.

NewsNation joined Border Patrol agents in the Rio Grande Valley to see firsthand the stark contrast between quieter border activity and continued cartel smuggling operations.

The area remains a known smuggling hotspot. And as NewsNation followed agents, children’s clothing and personal belongings were visibly scattered along the trail — a reminder that family units and single adults from Central America continue to be moved through the sector.

Agents said it’s common to see clothing left behind as migrants rush to avoid capture. Hundreds of discarded wristbands also littered the ground.

Border Patrol agents told NewsNation these wristbands are not just random trash but are a form of control, with cartels using them to track and manage migrants throughout their journey.

Each color and label represents a different smuggling network. Some say “Mexicanos,” others say “Entregas” — which translates to “deliveries.”

“Let me lowball here and say that the illegal alien wearing this wristband paid $1,000 to cross the Rio Grande, and I’m going pretty low here,” Christina Smallwood, an agent with the Rio Grande Valley Border Patrol, told NewsNation.

“This just shows you how much money the cartel made off human smuggling,” she said.

Agents also told NewsNation that migrants wearing the wristbands often pay extra money to cartels so that if they are deported, they can cross again without paying a second time.

Despite a more quiet border, challenges remain — staying one step ahead of cartels and dismantling their human smuggling networks is a constant battle for Border Patrol agents, they said.

After an apprehension, Border Patrol agents must conduct background checks. If the migrants have no criminal record, they can be removed or deported within hours. In many cases, Border Patrol uses buses to transport migrants to an entry point, where they are handed over to Mexican authorities.

Migrants crossing illegally are being removed and deported much faster than in the past — in some cases, within just an hour of apprehension, without the probability of seeing or waiting for a judge. 

The sound of bagpipes will once again echo through Park Slope on Sunday, March 16, as the Brooklyn St. Patrick’s Parade marks its milestone 50th anniversary — a celebration of Irish pride, Gaelic history, and the timeless spirit of the famous Irish blessing: “May the road rise up to meet you.”

For half a century, that blessing has embodied Brooklyn’s largest St. Patrick’s Day observance, with the streets of Park Slope rising to meet marchers as they step off from Bartel-Pritchard Square.

What began in 1975 as a way to honor both Irish heritage and America’s bicentennial has cemented itself as Kings County’s longest-running St. Patrick’s Day parade. This year, its committee and marchers will reflect on five decades, honoring “Faith, Heritage, History, Tribute and Remembrance” — a motto organizers say has guided the march since its inception.

“Fifty years on the streets of Brooklyn,” said Mary Hogan, parade co-chairperson and historian. “It is our Catholic faith and our rich Irish heritage that keeps people coming back each year.”

The first Brooklyn St. Patrick’s Parade was held in 1976, with Thomas J. Cuite, then majority leader of the New York City Council, serving as its inaugural grand marshal.

One year earlier, a group of Brooklyn Irish American citizens — Kaye Brideson, Joan McLaughlin, John Carroll, Richard Henry, Ann McAvey, Peter Heaney and Kathleen McDonagh — came up with the idea for a parade to recognize the vast contributions of the Irish in America.

Since then, Hogan said, the parade has paid tribute to Irish immigrants’ influence on the borough and beyond — from their roles in the church and uniformed services to labor, law, education, and healthcare. Each year’s parade carries a theme highlighting key moments in Irish and American history, from the Great Hunger to the role of the Irish in building the New York City subway system.

One of the parade’s longstanding traditions is commemorating the Battle of Brooklyn, fought in August 1776. The Maryland 400, a small but valiant regiment of Irish soldiers, held off a much larger British force near the Old Stone House in Park Slope, allowing George Washington’s army to escape and fight another day.

Hogan credits the parade’s ties to history with some of its earliest honorees — including late parade historian Joe Ferris, who was the parade’s Grand Marshal in 1978 and the original keeper of the march’s extensive oral history. “We are proud to continue in Joe’s footsteps by each year adding to this document as the tradition continues,” reads the most recent iteration, which Hogan shared with Brooklyn Paper.

But parade day is more than just a march — it’s a “Brooklyn family reunion.”

Generations of marchers, volunteers and spectators return year after year to celebrate their heritage. The parade’s honorees hail from all corners of Brooklyn — and some from out of state.

One of this year’s honorees, Deirdre Brennan-Pritchett, makes the journey from Texas back to her Brooklyn roots. Her connection to the parade runs deep — her mother, Mary Brennan, was a dedicated volunteer from the parade’s earliest days. The only reason she missed the first parade, family members say, was that she was pregnant with Deirdre.

Brennan, who died in January, was a cherished member of the committee. This year’s parade will be held in her honor.

“Parade day is like a Brooklyn family reunion,” Hogan said. “Many who have moved to other areas come back for the day. There is a festive atmosphere in Brooklyn on parade day. It’s a great day for the Irish and for Brooklyn.”

As the Brooklyn St. Patrick’s Parade celebrates its 50th year, organizers are looking not only back but also ahead — and they’re calling on the next generation to help carry the torch.

“Thank you to everyone who has contributed to this great Brooklyn tradition,” Hogan said. “We call on the young people from all over Brooklyn to keep this tradition going for another 50 years.”

The 50th Annual Brooklyn St. Patrick’s Day Parade will step off at 1 p.m. at Prospect Park West and 15th Street before making its way through the heart of Park Slope.

Grand Marshal Martin J. Cottingham, a longtime supporter of Irish culture and the Great Irish Fair, will lead this year’s procession.

Fellow honorees include Mary O’Brien of the U.I.C. Association of NY in County Cavan; Grace-Marie O’Donnell, a retired NYPD sergeant with the Uniformed Services; Timothy N. Cowen of the NY Corrections Dept Emerald Society; Kieran McGirl of the Ancient Order of Hibernians, Division 19 in Gerritsen Beach; Geoffrey Cobb, an Irish culture historian and author; Matt Hogan, owner of the Irish Haven in Sunset Park; Edwina Russell of the Ladies Ancient Order of Hibernians, Division 6 in Greenpoint; Maureen O’Dea, an educator at PS 284 in Brownsville and a social worker; and Brennan-Pritchett, a lifetime parade volunteer and “aide-at-large.”

The United States was added Sunday to the CIVICUS Monitor Watchlist, a research tool that publicizes the status of freedoms and threats to civil liberties worldwide. 

The move comes amid President Donald Trump’s “assault on democratic norms and global cooperation,” said CIVICUS—a global alliance and network of civil society groups, including Amnesty International, that advocates for greater citizen action in areas where civil liberties are limited—in a press release. The organization also cited the Administration’s cut of more than 90% of its foreign aid contracts and its crackdown on diversity, equity, and inclusion (DEI)—which Trump called “illegal and immoral discrimination programs”—through executive action.

[time-brightcove not-tgx=”true”]

“The Trump Administration seems hellbent on dismantling the system of checks and balances which are the pillars of a democratic society,” said Mandeep Tiwana, Interim Co-Secretary General of CIVICUS, in a press release. “Restrictive Executive Orders, unjustifiable institutional cutbacks, and intimidation tactics through threatening pronouncements by senior officials in the Administration are creating an atmosphere to chill democratic dissent, a cherished American ideal.”

Other countries on the watchlist include the Democratic Republic of Congo, Italy, Pakistan, and Serbia. 

CIVICUS outlines the state of civil rights through five categories—open, narrowed, obstructed, repressed, and closed. “Open” is the highest ranking, meaning all people are able to practice liberties such as free speech, and the lowest is “closed.” Per CIVICUS, instances that result in a “decline in open civic space” include “repressive legislation that curtails free speech and dialogue, obstacles to civil society activities and operations and crackdowns on civil disobedience and peaceful demonstrations.”

The U.S. has been classified as “narrowed.” The “narrowed” label is CIVICUS’ assessment that while most people are able to exercise their rights of expression, free speech, and assembly, there are some attempts to violate these rights by the government. For example, CIVICUS cited crackdowns on pro-Palestinian protestors during the Biden Administration, after advocates took to the streets and staged college encampments to voice their discontent with the military assistance and funding the U.S. was sending to Israel. Students participated in demonstrations to demand their schools divest from any companies that profit from or have a relationship with Israel. 

“We urge the United States to uphold the rule of law and respect constitutional and international human rights norms,” said Tiwana. “Americans across the political spectrum are appalled by the undemocratic actions of the current Administration.”

The White House did not immediately respond to TIME’s request for comment.

The “narrowed” category also reflects CIVICUS’ assessment that while there is an existing free press, there may be restrictions due to regulation or political pressure on media owners.

This comes at a time when the editorial decisions made by major media organizations and governing bodies have prompted much discussion. 

In February, the Federal Communications Commission launched an investigation into NPR and PBS due to concerns that they were “violating federal law by airing commercials,” which both newsroom CEOs deny. The FCC chair also spoke out against public funding for the two news sites.

Jeff Bezos, Amazon CEO and owner of the Washington Post, directed the organization to change the scope of its opinion pages in February, informing the team that they will be writing “in support and defense of two pillars: personal liberties and free markets.”

“We’ll cover other topics too of course, but viewpoints opposing those pillars will be left to be published by others,” Bezos said in his note to the Post team. 

That same month, the White House announced its press team will pick the reporters who participate in the press pool—a move the White House press secretary Karoline Leavitt said is about “restoring power back to the American people, who President Trump was elected to serve.” However, many journalism advocates criticized the act. “This move tears at the independence of a free press in the United States. It suggests the government will choose the journalists who cover the president. In a free country, leaders must not be able to choose their own press corps,” the White House Correspondents’ Association said in a statement on Feb. 25. 

The White House is also currently ensnared in a lawsuit brought forward by the Associated Press. The news organization has sued three Trump Administration officials—including Leavitt—after it was barred from access to the White House press briefings because it refused to change its editorial style and refer to the Gulf of Mexico as the “Gulf of America,” after Trump renamed it in an Executive Order he signed in January.

Syria is experiencing its deadliest outbreak of violent clashes since the new government took power three months ago.

A friend called recently asking about measles. She’s the mother of four very young kids and wanted to know if she should be worried. She’d heard about the large measles outbreak in northwest Texas. Since January, more than 159 people are known to have been infected, and the outbreak has resulted in two deaths and dozens of hospitalizations. Now, this measles outbreak has spread into nine other states, and there’s an alert to travelers passing through the Los Angeles Airport.

[time-brightcove not-tgx=”true”]

Contrary to statements by Health Secretary Robert F. Kennedy Jr., outbreaks of this deadly disease are highly unusual. The U.S. declared measles eliminated more than 20 years ago, thanks to an exceptionally safe and effective vaccine. But efforts to undermine confidence in that vaccine have contributed to these recent outbreaks. There are things we can do, individually and collectively, to protect our most vulnerable and hopefully eliminate measles in this country again.

My friend understands the settled evidence behind the safety and efficacy of vaccines. She’s following the vaccine schedule her pediatrician recommended. Measles vaccines are among the most protective shots we have, so when she gets her kids vaccinated, they are protected. But the large outbreaks we are starting to see are still creating risks, including among our very youngest kids, our immunocompromised kids, and even among vulnerable adults.

Measles vaccines are highly effective: 93% after the first dose, 99% after the second dose. The problem is the timing. The first dose is not recommended until a child is 12 to 15 months old, and the second dose usually between the ages of 4 and 6. Infants have some passive immunity from their mom’s antibodies for the first 6 months, but not enough to be fully protective, which is why the U.S. Centers for Disease Control and Prevention strongly recommends that parents of children too young to be vaccinated avoid travel to areas with measles outbreaks.

Read More: What to Know About the Measles Vaccine

All children under the age of 1, before they get their first measles vaccine, are at risk if they come near someone with measles. Given that measles is one of the most contagious diseases on Earth, outbreaks mean we are likely to see more infections among children in this age range, including kids whose parents fully intend to vaccinate. And while the first dose is highly protective, the best protection comes after the second dose, which is usually given when a child is ready to start school. Between those two doses, children may still be at some risk, especially if they come into repeated contact with measles from others refusing or unable to be vaccinated.

Beyond the youngest kids, two other groups need special attention. The first is children who are immunocompromised. Some of these children, such as those undergoing cancer treatment, cannot get the measles vaccine because the vaccine is a weakened form of the live virus, and in someone who is immunocompromised, it can actually cause the disease. Therefore, these immunocompromised kids rely on high levels of population immunity to protect them. When population vaccination rates fall below 95%, the virus can begin to circulate, and vulnerable children can become infected and will get very sick if they do.

The second potentially vulnerable group are elderly and immunocompromised adults. Most elderly people should have some immunity against measles; people born before 1957 likely had measles, and starting in the 1960s, people started getting vaccinated (though through 1968, the available vaccine was a little less effective). In general, we assume that everyone has lifelong immunity, whether from an infection or vaccines. But we don’t really know for sure. If a senior in her 80s had measles when she was 5, is she still protected? What about an adult undergoing chemotherapy? Immunity in these two populations may hold up fine—but we urgently need studies to better understand the risks of being exposed to measles for these types of individuals. Measles in an elderly or immunocompromised adult who isn’t protected—either because they cannot be vaccinated or because their immunity has not held up over time—is likely to be quite severe. And it is possible that the elderly may need an additional shot to protect them if they live in a high outbreak area. We don’t know, and we can’t make recommendations without data.

Read More: A Study Retracted 15 Years Ago Continues to Threaten Childhood Vaccines

Years of scaremongering about vaccines have led to low vaccination rates in many communities across America. A now-standard refrain is that parents are simply putting their own kids at risk but not harming anyone else. The truth is this: low vaccination rates create risks for many others. They create risks for kids who are still too young to get vaccinated. They create risks for kids who are immunocompromised, who can’t get vaccinated. They may also create risks for older or immunocompromised adults whose immune systems are not robust enough to protect them.

So when my family friend with a child under one called about protecting her children, my advice was clear. Stay away from areas with outbreaks. Get your child vaccinated as soon as they are eligible, and encourage your friends and others in your community to do so, too—because while she can eventually get all of her children protected, no such option exists for the child battling leukemia. And no such option exists for all those who are immunocompromised or at risk because of waning immunity. We owe it to all of them to make sure we stamp out measles in the U.S. again.

Threat actors exploit PHP flaw CVE-2024-4577 for remote code execution. Over 1,000 attacks detected globally.

GreyNoise researchers warn of a large-scale exploitation of a critical vulnerability, tracked as CVE-2024-4577 (CVSS 9.8), in PHP. An attacker could exploit the vulnerability to achieve remote code execution on vulnerable servers using Apache and PHP-CGI.

The flaw CVE-2024-4577 (CVSS score: 9.8) is a PHP-CGI OS Command Injection Vulnerability. The issue resides in the Best-Fit feature of encoding conversion within the Windows operating system. An attacker can exploit the flaw to bypass protections for a previous vulnerability, CVE-2012-1823, using specific character sequences. Consequently, arbitrary code can be executed on remote PHP servers through an argument injection attack, allowing attackers to take control of vulnerable servers.

Since the disclosure of the vulnerability and public availability of a PoC exploit code, multiple actors are attempting to exploit it, reported Shadowserver and GreyNoise researchers.

In June, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

In July 2024, the Akamai Security Intelligence Response Team (SIRT) warned that multiple threat actors were exploiting the PHP vulnerability CVE-2024-4577 to deliver multiple malware families, including Gh0st RAT, RedTail cryptominers, and XMRig.

“Threat actors continued the speedy-time-from-disclosure-to-exploitation trend and were quick to leverage this new vulnerability — we observed exploit attempts targeting this PHP flaw on our honeypot network within 24 hours of its disclosure.” reported Akamai.

At the time, Greynoise researchers also reported malicious attempts of exploitation of the CVE-2024-4577.

“As of this writing, it has been verified that when the Windows is running in the following locales, an unauthorized attacker can directly execute arbitrary code on the remote server:

• Traditional Chinese (Code Page 950)
• Simplified Chinese (Code Page 936)
• Japanese (Code Page 932)

For Windows running in other locales such as English, Korean, and Western European, due to the wide range of PHP usage scenarios, it is currently not possible to completely enumerate and eliminate all potential exploitation scenarios.” continues the advisory. “Therefore, it is recommended that users conduct a comprehensive asset assessment, verify their usage scenarios, and update PHP to the latest version to ensure security.

Akamai researchers also observed threat actors behind the DDoS botnet Muhstik exploiting this vulnerability.

Last week, Cisco Talos researchers reported that an unknown threat actor has been exploiting the flaw since as early as January 2025, predominantly targeting organizations in Japan.  

Now, GreyNoise researches confirm the large scale exploitation of CVE-2024-4577 and warns that it is not limited to Japanese entities. The experts observed a surge in the attacks against the US, the UK, Singapore, Indonesia, Taiwan, Hong Kong, India, and Spain.

“GreyNoise data confirms that exploitation of CVE-2024-4577 extends far beyond initial reports. Attack attempts have been observed across multiple regions, with notable spikes in the United States, Singapore, Japan, and other countries throughout January 2025.” reads the advisory.

GreyNoise detected 1,089 unique IPs exploiting CVE-2024-4577 in January 2025, with attacks spreading beyond Japan to Singapore, Indonesia, the UK, Spain, and India. Over 43% of attacks originate from Germany and China. In February, a coordinated spike in global exploitation suggested increased automated scanning for vulnerable systems.

The company urges users to update their installations as soon as possible.

“Organizations with internet-facing Windows systems exposing PHP-CGI — especially those in these newly identified targeted regions — should follow the guidance provided by Cisco Talos and perform retro-hunts to identify similar exploitation patterns.” concludes GreyNoise.

“Identify and block malicious IPs actively targeting CVE-2024-4577. “

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, PHP-CGI OS Command Injection Vulnerability)