Three-month-old Drupal vulnerability is being used to deploy cryptojacking malware

The update was deemed critical, but users who haven't applied the patch are being targeted by attackers deploying cryptocurrency miners.