A “highly critical” vulnerability in the Drupal content management system has been exploited. Attackers can use the vulnerability to install cryptocurrency miners and other malicious software on vulnerable sites. The vulnerability affects a substantial portion of Drupal installations, experts say. Security experts warn that the exploit continues to work even for sites that have yet to install updates but have applied Drupal’s recommended workarounds to at least mitigate the flaw. The Drupal project team recommends that all users immediately apply the updates, including sites in government and financial services.”]
Source: https://www.cuinfosecurity.com/cryptocurrency-miners-exploit-latest-drupal-flaw-a-12055