Thursday, April 26, 2018

Drupal hacked in hours after new release

Five hours after the Drupal team published a security update for the Drupal CMS, hackers have found a way to weaponize the patched vulnerability, and are actively exploiting it in the wild.

The Drupal team released Drupal v7.59, v8.4.8, and v8.5.3 to patch CVE-2018-7602.
Seven hours after the patch, and two hours after the first in-the-wild attacks were reported, a user named Blaklis also published weaponized proof-of-concept code for CVE-2018-7602 on Pastebin.

No comments:

Post a Comment