Sites running the popular web Content Management System (CMS) Joomla have been targeted by large-scale attacks recently. Joomla’s developers have responded by publishing a fixed version, Joomla 3.4.6.
Anyone who operates a Joomla-based web site should stop what they’re doing and install the necessary updates immediately.
Update 2015Dec23: Joomla developers discovered that a bug in PHP – the language in which Joomla is developed – would likely lead to more vulnerabilities in Joomla. The PHP bug has been fixed, but that won’t help sites that are running older versions of PHP. Recognizing this, the Joomla developers released another update (Joomla 3.4.7) that addresses the underlying vulnerability.