A ransomware operation with a history of exploiting widespread internet vulnerabilities lost little time in making use of a critical-severity vulnerability in Window installations of web-scripting language PHP.

Imperva Threat Research in a Monday report said TellYouThePass ransomware operators began exploiting the PHP bug, tracked as CVE-2024-4577, hours after researchers released a proof of concept script (see: Critical PHP Vulnerability Threatens Windows Servers).

The TellYouThePass ransomware group, active since 2019, sees opportunity in cyber incidents that have system administrators globally scrambling to patch systems. It was among the cybercriminal groups to jump on the 2021 vulnerability known as Log4Shell. Security researchers say it has a history of appearing in new forms. Chinese network security firm Sangfor spotted it in March.