VERY IMPORTANT

One of the most recent examples of this onslaught lies in a critical vulnerability discovered in PHP (versions 8.1.*, before 8.1.29, 8.2.* before 8.2.20, and 8.3.* before 8.3.8). The vulnerability is caused by the way PHP and CGI handlers parse certain Unicode characters, which can enable an attacker to achieve remote code execution (RCE). This vulnerability is incredibly simple to exploit, and we have observed a wide variety of threat actors taking advantage of the flaw to target vulnerable devices.