diff --git a/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S412.py b/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S412.py
index 1b8163323ab930..fb14922db51028 100644
--- a/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S412.py
+++ b/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S412.py
@@ -1 +1,4 @@
 from twisted.web.twcgi import CGIScript # S412
+import twisted.web.twcgi.CGIScript # S412
+from wsgiref.handlers import CGIHandler # S412
+import wsgiref.handlers.CGIHandler # S412
\ No newline at end of file
diff --git a/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S412.pyi b/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S412.pyi
index 087d2ca09a0d77..0c0b3537e4280a 100644
--- a/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S412.pyi
+++ b/crates/ruff_linter/resources/test/fixtures/flake8_bandit/S412.pyi
@@ -1 +1,4 @@
 from twisted.web.twcgi import CGIScript
+import twisted.web.twcgi.CGIScript
+from wsgiref.handlers import CGIHandler
+import wsgiref.handlers.CGIHandler
\ No newline at end of file
diff --git a/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_imports.rs b/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_imports.rs
index a3cb2ae4cd83bb..31f657164b8d04 100644
--- a/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_imports.rs
+++ b/crates/ruff_linter/src/rules/flake8_bandit/rules/suspicious_imports.rs
@@ -396,6 +396,9 @@ pub(crate) fn suspicious_imports(checker: &Checker, stmt: &Stmt) {
 "xmlrpc" => {
 checker.report_diagnostic_if_enabled(SuspiciousXmlrpcImport, name.range);
 }
+ "wsgiref.handlers.CGIHandler" | "twisted.web.twcgi.CGIScript" => {
+ checker.report_diagnostic_if_enabled(SuspiciousHttpoxyImport, name.range);
+ }
 "Crypto.Cipher" | "Crypto.Hash" | "Crypto.IO" | "Crypto.Protocol" | "Crypto.PublicKey" | "Crypto.Random" | "Crypto.Signature" | "Crypto.Util" => {
 checker.report_diagnostic_if_enabled(SuspiciousPycryptoImport, name.range);
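Review bot: The new match arm reports only the two fully qualified class paths, so a plain `import wsgiref.handlers` or `import twisted.web.twcgi` is never reported by S412, and nothing in the hunk records that this narrowing is intentional rather than an oversight; a comment above the arm such as `// S412 (httpoxy): mirrors Bandit B412, which matches the CGIHandler/CGIScript class paths only, not their parent modules.` would stop a later maintainer from either "fixing" it or wondering why the module-level imports pass. The `.py` fixture's `import wsgiref.handlers.CGIHandler` exercises that qualified form even though it is not an importable module at runtime, which is fine for a lint fixture but deserves a one-line `# not a real module; exercises qualified-name matching` note there. Separately, the snapshot hunk further down shows the S412 message as `running inCGI, or CGI-like`; that missing space lives in the message defined outside this hunk and is worth fixing in the same change, since it will now appear four times per fixture. The enclosing `suspicious_imports` function begins and ends outside the hunk.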
diff --git a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S412_S412.py.snap b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S412_S412.py.snap
index c8c325b36e0302..d79dbccc1d6e10 100644
--- a/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S412_S412.py.snap
+++ b/crates/ruff_linter/src/rules/flake8_bandit/snapshots/ruff_linter__rules__flake8_bandit__tests__S412_S412.py.snap
@@ -1,9 +1,36 @@ --- source: crates/ruff_linter/src/rules/flake8_bandit/mod.rs -snapshot_kind: text --- S412.py:1:6: S412 `httpoxy` is a set of vulnerabilities that affect application code running inCGI, or CGI-like environments. The use of CGI for web applications should be avoided | 1 | from twisted.web.twcgi import CGIScript # S412 | ^^^^^^^^^^^^^^^^^ S412 +2 | import twisted.web.twcgi.CGIScript # S412 +3 | from wsgiref.handlers import CGIHandler # S412 + | + +S412.py:2:8: S412 `httpoxy` is a set of vulnerabilities that affect application code running inCGI, or CGI-like environments. The use of CGI for web applications should be avoided + | +1 | from twisted.web.twcgi import CGIScript # S412 +2 | import twisted.web.twcgi.CGIScript # S412 + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ S412 +3 | from wsgiref.handlers import CGIHandler # S412 +4 | import wsgiref.handlers.CGIHandler # S412 + | + +S412.py:3:6: S412 `httpoxy` is a set of vulnerabilities that affect application code running inCGI, or CGI-like environments. The use of CGI for web applications should be avoided + | +1 | from twisted.web.twcgi import CGIScript # S412 +2 | import twisted.web.twcgi.CGIScript # S412 +3 | from wsgiref.handlers import CGIHandler # S412 + | ^^^^^^^^^^^^^^^^ S412 +4 | import wsgiref.handlers.CGIHandler # S412 + | + +S412.py:4:8: S412 `httpoxy` is a set of vulnerabilities that affect application code running inCGI, or CGI-like environments. The use of CGI for web applications should be avoided + | +2 | import twisted.web.twcgi.CGIScript # S412 +3 | from wsgiref.handlers import CGIHandler # S412 +4 | import wsgiref.handlers.CGIHandler # S412 + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ S412 |