heise online

Security updates for Drupal: Malicious code attacks on web browsers possible

Poor input validation makes previous versions of Drupal vulnerable. If the conditions are right, attackers can execute malicious code in the victim's web browser via compromised websites created with ...
Ars Technica

Drupal users take cover—code-execution bug is being actively exploited [updated]

Malicious hackers wasted no time exploiting a critical bug in the Drupal content management system that allows them to execute malicious code on website servers. Just hours after maintainers of the ...