Dark Reading

New Drupal Exploit Mines Monero for Attackers

A newly discovered vulnerability in Drupal has been exploited to turn infected systems into Monero mining bots. Worse, the vulnerability could easily be exploited to do far more than simply steal ...
Threat Post

Muhstik Botnet Exploits Highly Critical Drupal Bug

A botnet has exploited a highly critical Drupal CMS vulnerability, which was previously disclosed by Drupal in March. Researchers are warning a recently discovered and highly critical vulnerability ...
Bleeping Computer

Cloudflare Deploys Firewall Rule to Block New Drupal Exploits

Exploitation attempts of a highly critical vulnerability discovered in the Drupal content management software (CMS) on February 20 were blocked by Cloudflare using Web Application Firewall (WAF) rules ...
Threat Post

Two Critical RCE Bugs Patched in Drupal 7 and 8

Drupal’s advisory also included three patches for “moderately critical” bugs. Drupal is urging users to upgrade to the latest release that fixes two critical remote code execution bugs impacting ...
Bleeping Computer

Exploitation of Drupalgeddon2 Flaw Starts After Publication of PoC Code

The exploitation of a very dangerous Drupal vulnerability has started after the publication of proof-of-concept (PoC) code. The code, hosted on GitHub, was created by Vitalii Rudnykh, a Russian ...
ZDNet

It took hackers only three days to start exploiting latest Drupal bug

Three days --that's the time it took hackers to start launching attacks against Drupal sites using an exploit for a security flaw the CMS project patched last week. The attacks, detected by web ...
ZDNet

Drupal patches 10 security flaws, critical issues

Drupal has released its February patch update with fixes for 10 vulnerabilities, including several which allow attackers to execute code remotely and access website elements which should be blocked.