Drupal

Pierluigi Paganini April 26, 2018
CVE-2018-7602 – Drupal addressed a new vulnerability associated with Drupalgeddon2 flaw

The new flaw tracked as CVE-2018-7602, is a highly critical remote code execution issue, Drupal team fixed it with the release of versions 7.59, 8.4.8 and 8.5.3. Drupal team has released updates for versions 7 and 8 of the popular content management system (CMS) to address the recently disclosed CVE-2018-7600 Drupalgeddon2 flaw. The new flaw tracked as CVE-2018-7602, is a highly […]

Pierluigi Paganini April 19, 2018
Experts are observing Drupalgeddon2 (CVE-2018-7600) attacks in the wild

After the publication of a working Proof-Of-Concept for Drupalgeddon2 on GitHub experts started observing attackers using it to deliver backdoors and crypto miners. At the end of March, the Drupal Security Team confirmed that a “highly critical” vulnerability (dubbed Drupalgeddon2), tracked as CVE-2018-7600, was affecting Drupal 7 and 8 core and announced the availability of security updates on March 28th. The […]

Pierluigi Paganini April 13, 2018
Experts warn threat actors are scanning the web for Drupal installs vulnerable to Drupalgeddon2

After the publication of a working Proof-Of-Concept for Drupalgeddon2 on GitHub for “educational or information purposes,” experts started observing bad actors attempting to exploit the flaw. At the end of March, the Drupal Security Team confirmed that a “highly critical” vulnerability (dubbed Drupalgeddon2), tracked as CVE-2018-7600, was affecting Drupal 7 and 8 core and announced the availability of security updates on […]

Pierluigi Paganini March 29, 2018
Drupal finally addressed the critical CVE-2018-7600 Drupalgeddon2 vulnerability

The Drupal development team has fixed the drupalgeddon2 vulnerability that could be exploited by an attacker to take over a website. A few days ago, Drupal Security Team confirmed that a “highly critical” vulnerability, tracked as CVE-2018-7600, affects Drupal 7 and 8 core and announced the availability of security updates on March 28th. The vulnerability was discovered […]

Pierluigi Paganini February 23, 2018
Drupal addressed several vulnerabilities in Drupal 8 and 7

The Drupal development team addressed many vulnerabilities in both Drupal 8 and 7, including some flaws rated as “critical”. Drupal maintainers have fixed many vulnerabilities in Drupal 7 and 8, including some flaws rated as “critical.” One of the critical security vulnerabilities is related to partial cross-site scripting (XSS) prevention mechanisms that was addressed with Drupal 8.4.5 and 7.57 […]

Pierluigi Paganini June 22, 2017
Drupal fixes the CVE-2017-6922 flaw exploited in spam campaigns in the wild

Drupal team released security updates to fix several vulnerabilities, including the critical access bypass flaw CVE-2017-6922 exploited in spam campaigns. The Drupal development team has released security updates to fix several vulnerabilities, including the critical access bypass flaw tracked as CVE-2017-6922 that has been exploited in spam campaigns. The CVE-2017-6922 flaw was fixed with the […]

Pierluigi Paganini April 19, 2017
Critical vulnerability in Drupal References Module opens 120,000 Sites to hack

A critical vulnerability affects the Drupal References module that is used by hundreds of thousands of websites using the popular CMS. The Drupal security team has discovered a critical vulnerability in a third-party module named References. The Drupal team published a Security advisory on April 12 informing its users of the critical flaw. The flaw has a huge impact on […]

Pierluigi Paganini March 16, 2017
Drupal version 8.2.7 address multiple vulnerabilities in the current version of the popular CMS

Drupal development team has issued a new release of the popular content management system (CMS), Drupal version 8.2.7, that fixes multiple vulnerabilities. The Drupal development team has released the Drupal version 8.2.7 that addressed a number of vulnerabilities in the popular CMS. The list of flaws includes an access bypass issue, a cross-site request forgery […]

Pierluigi Paganini November 18, 2016
Drupal releases security updates to fix four vulnerabilities in versions 7, 8

Drupal developers have released updates for versions 7 and 8 that fix security issues which could expose websites to cyber attacks. The Drupal development team has released security updates for versions 7 and 8. The updates fix security vulnerabilities that could expose websites running on the popular CMS and data they manage to security risks, […]

Pierluigi Paganini September 26, 2016
Security firm Sucuri analyzed tens of thousands of compromised websites

Security firm Sucuri published a detailed study, titled Hacked Website Report for 2016/Q2, on compromised websites on the Internet. According to the security expert Daniel Cid from Sucuri, at least 15,769 WordPress websites have been compromised this year. Sucuri has published a report, titled Hacked Website Report for 2016/Q2, related compromised websites on the web. The […]