In two short weeks, Drupal’s security woes went from bad to worse as a major security flaw dubbed Drupalgeddon 2 morphed from proof-of-concept to widespread infection.
Drupalgeddon 2 affects all versions of the open source content management system, and has now begun to yield widespread incidents of cryptojacking, distributed denial of service (DDoS) attacks, and other botnet-driven hacks.
The signs of larger botnets and criminal networks implicated in attacks on vulnerable servers, in addition to the release of yet another proof-of-concept hack this month point to still more trouble on the horizon.
Drupal administrators and cybersecurity experts alike are increasingly concerned about the full scope and damage likely to be posed by these exploits. While the full impact on Drupal’s market share has yet to be determined, it’s unlikely to reverse its continuing decline over the last several years.
Read more about the issue here.