This past March and April, the Drupal Security Team announced two highly critical security patches: “Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002” and ”Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-004”. First off, before I go any further, if you operate a Drupal site and have not applied these patches already, please patch your site right now. Unfortunately (and not to get too pessimistic), if your site has some traffic and the patch has not been applied, your site is most likely already hacked. If your site was exploited, please visitYour Drupal site got hacked. Now what?immediately.