Security firm Malwarebytes says it is still finding unpatched websites that have been exploited to host cryptocurrency miners or redirect to malware. The problems stem from two critical vulnerabilities in Drupal, both of which are remotely executable. The first flaw, CVE-2018-7600, was revealed March 28, and the second on April 25. The vulnerabilities were so severe that they were dubbed ‘Drupalgeddon 2 and Drupalgeddon 3’ The number of Drupal-using websites that are being compromised continues to rise.”]
Source: https://www.cuinfosecurity.com/websites-still-under-siege-after-drupalgeddon-redux-a-11018