ZDNet

A year after patch, Drupalgeddon2 is still being employed in cybercriminal attacks

A remote code execution (RCE) vulnerability patched over a year and a half ago is still being actively employed in attacks against high-profile websites. According to cybersecurity researchers from ...
Ars Technica

“Drupalgeddon2” touches off arms race to mass-exploit powerful Web servers

Attackers are mass-exploiting a recently fixed vulnerability in the Drupal content management system that allows them to take complete control of powerful website servers, researchers from multiple ...