Security team warns of “highly critical” security risk facing all users of Drupal version 7. Drupal vulnerability allows attackers to inject code into a site and seize control of it. Attackers can then use the site to target website visitors with drive-by malware attacks, as well as relay spam and launch distributed-denial-of-service attacks. Security experts have lauded the Drupal team for not attempting to downplay the threat. “This is an alarmingly candid, highly critical warning on Drupal security,” says software architect Troy Hunt.”]
Source: https://www.bankinfosecurity.com/mass-attack-hacks-drupal-a-7500