More than 115,000 sites are still vulnerable to a highly critical Drupal bug – even though a patch was released three months ago.

Hundreds of sites vulnerable to ‘Drupalgeddon 2.0’ have been impacted by a massive cryptomining campaign.

A botnet has exploited a highly critical Drupal CMS vulnerability, which was previously disclosed by Drupal in March.

Drupal developers are urged to patch a bug that allows attackers to take over a site simply by visiting it.

Drupal is giving developers ample time to prepare for an update that patches a “highly critical” flaw because exploits might be developed within hours or days of disclosure.

A critical flaw in Drupal CMS platform could allow unwanted access to the platform allowing a third-party to view, create, update or delete entities.

Developers with Drupal patched three vulnerabilities, one critical, one being exploited in the wild, in Drupal’s core engine on Wednesday.

Drupal released a point update for its core engine to patch a critical access bypass vulnerability.

A critical PHPMailer bug tied to the way websites handle email and feedback forms is leaving millions of websites hosted on popular web-publishing platforms such as WordPress, Drupal and Joomla open to attack.

Drupal fixed a handful of issues in version 7 and 8 of the content management system core engine that could have led to cache poisoning, social engineering attacks, and a denial of service condition.