A year after patch, Drupalgeddon2 is still being employed in cybercriminal attacks

A remote code execution (RCE) vulnerability patched over a year and a half ago is still being actively employed in attacks against high-profile websites. According to cybersecurity researchers from Akamai, the bug, which impacts the open source Drupal content management system (CMS) used to manage websites, is being exploited through malicious .GIF files.

Read full article on ZDNet