A new exploit of a known vulnerability gives an attacker control of the Drupal-hosting server.
A newly discovered vulnerability in Drupal has been exploited to turn infected systems into Monero mining bots. Worse, the vulnerability could easily be exploited to do far more than simply steal resources and performance.
Researchers from the Trend Micro Smart Home Network and IoT Reputation Service Teams found the exploits of CVE-2018-7602, a remote code execution vulnerability in Drupal 7 and 8. While the vulnerability was patched on April 25, 2018, many users have yet to move to the current version, leaving an unknown number of Drupal-based websites vulnerable.