#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

drupal hacked | Breaking Cybersecurity News | The Hacker News

Category — drupal hacked
Hackers Actively Exploiting Latest Drupal RCE Flaw Published Last Week

Hackers Actively Exploiting Latest Drupal RCE Flaw Published Last Week

Feb 26, 2019
Cybercriminals have actively started exploiting an already patched security vulnerability in the wild to install cryptocurrency miners on vulnerable Drupal websites that have not yet applied patches and are still vulnerable. Last week, developers of the popular open-source content management system Drupal patched a critical remote code execution (RCE) vulnerability (CVE-2019-6340) in Drupal Core that could allow attackers to hack affected websites. Despite releasing no technical details of the security vulnerability, the proof-of-concept (PoC) exploit code for the vulnerability was made publicly available on the Internet just two days after the Drupal security team rolled out the patched version of its software. Now, security researchers at data center security vendor Imperva discovered a series of attacks—that began just a day after the exploit code went public—against its customers' websites using an exploit that leverages the CVE-2019-6340 security flaw. The attacks or...
Another Critical Flaw in Drupal Discovered — Update Your Site ASAP!

Another Critical Flaw in Drupal Discovered — Update Your Site ASAP!

Feb 21, 2019
Developers of Drupal—a popular open-source content management system software that powers millions of websites—have released the latest version of their software to patch a critical vulnerability that could allow remote attackers to hack your site. The update came two days after the Drupal security team released an advance security notification of the upcoming patches, giving websites administrators early heads-up to fix their websites before hackers abuse the loophole. The vulnerability in question is a critical remote code execution (RCE) flaw in Drupal Core that could "lead to arbitrary PHP code execution in some cases," the Drupal security team said. While the Drupal team hasn't released any technical details of the vulnerability (CVE-2019-6340), it mentioned that the flaw resides due to the fact that some field types do not properly sanitize data from non-form sources and affects Drupal 7 and 8 Core. It should also be noted that your Drupal-based website ...
The Evolving Role of PAM in Cybersecurity Leadership Agendas for 2025

The Evolving Role of PAM in Cybersecurity Leadership Agendas for 2025

Feb 06, 2025AI Security / Cybersecurity
Privileged Access Management (PAM) has emerged as a cornerstone of modern cybersecurity strategies, shifting from a technical necessity to a critical pillar in leadership agendas. With the PAM market projected to reach $42.96 billion by 2037 (according to Research Nester), organizations invest heavily in PAM solutions. Why is PAM climbing the ranks of leadership priorities? While Gartner highlights key reasons such as enhanced security, regulatory compliance readiness, and insurance requirements, the impact of PAM extends across multiple strategic areas. PAM can help organizations enhance their overall operational efficiency and tackle many challenges they face today. To explore more about PAM's transformative impact on businesses, read The Cyber Guardian: PAM's Role in Shaping Leadership Agendas for 2025 by a renowned cybersecurity expert and former Gartner lead analyst Jonathan Care.  What cybersecurity challenges may organizations face in 2025? The cybersecurity landsca...
CryptoPHP Backdoor Hijacks Servers with Malicious Plugins & Themes

CryptoPHP Backdoor Hijacks Servers with Malicious Plugins & Themes

Nov 24, 2014
Security researchers have discovered thousands of backdoored plugins and themes for the popular content management systems (CMS) that could be used by attackers to compromise web servers on a large scale. The Netherlands-based security firm Fox-IT has published a whitepaper revealing a new Backdoor named "CryptoPHP . " Security researchers have uncovered malicious plugins and themes for WordPress, Joomla and Drupal . However, there is a slight relief for Drupal users, as only themes are found to be infected from CryptoPHP backdoor. In order to victimize site administrators, miscreants makes use of a simple social engineering trick. They often lured site admins to download pirated versions of commercial CMS plugins and themes for free. Once downloaded, the malicious theme or plugin included backdoor installed on the admins' server. "By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is...
cyber security

Webinar: 5 Ways New AI Agents Can Automate Identity Attacks | Register Now

websitePush SecurityAI Agents / Identity Security
Learn how CUAs like OpenAI Operator can be used by attackers to automate account takeover and exploitation.
Drupal resets 1 Million Passwords after Data Breach

Drupal resets 1 Million Passwords after Data Breach

May 31, 2013
A Drupal data breach was announced by the official Drupal Association, that Passwords for almost one million accounts on the Drupal.org website are being reset after hackers gained unauthorized access to sensitive user data. The security of the open source content management system has been compromised via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself. As countermeasure it is resetting the passwords for nearly one million accounts in the wake of a data breach . Information exposed includes usernames, email addresses, and country information, as well as hashed passwords . The Drupal.org hasn't revealed the name of the third-party application exploited during the attack. Evidence of the Drupal data breach was found during a routine security audit: " Upon discovering the files during a security audit, we shut down the association.drupal.org website to mitigate any possible ongoing security i...
Expert Insights / Articles Videos
Cybersecurity Resources