Crooks are attempting to exploit a recently patched Drupal vulnerability, tracked as CVE-2018-7602, to drop Monero mining malware onto vulnerable systems.
The CVE-2018-7602 flaw is a highly critical remote code execution issue, also known as Drupalgeddon3, that was addressed by the Drupal team in
April with the release of versions 7.59, 8.4.8 and 8.5.3.
The security patch for the flaw only works if the fix for the original Drupalgeddon2 vulnerability (CVE-2018-7600) has been installed on the install.
Full Article.