We advise you not to ignore Drupal updates, because both critical flaws allow remote code execution (RCE). The first is in the PHP DefaultMailSystem::mail() backend and affects Drupal core versions 7.x and 8.x.
The second critical flaw, affecting Drupal 8.x, lies in the contextual links module, which does not validate contextual links. To exploit this, a hacker still needs to meet some strict requirements.
Hackers can use this parameter to craft a URL that tricks users into being redirected to a third-party website, exposing them to potential social engineering attacks.
Remember, everything can be hacked. To stay away from threats related to the cyber world, we recommend installing an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
To fix this, the developers had to make changes to ModerationStateConstraintValidator, StateTransitionValidationInterface, and user permissions. Be aware that this change has backwards compatibility implications in some cases.
We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network. Tests like this include penetration testing and ethical hacking.