Critical Security Leak in all Joomla Versions, please update immediatly

The Joomla! team released today a new version with some security hardenings and fixing a critical security leak in all joomla versions.

The critical security leak was already used in the wild. This means it is not a leak, which was disovered by an audit, it is security issue which is already exploited. blogged about

Protect Your Site Now

If you are a Joomla user, check your logs right away. Look for requests from or as they were the first IP addresses to start the exploitation. I also recommend searching your logs for “JDatabaseDriverMysqli” or “O:” in the User Agent as it has been used in the exploits. If you find them, consider your Joomla site compromised and move to the remediation / incident response phase.

For securing your joomla 1.5/2.5 pages, just follow this link It is basically replacing one file.

We post this news, because some of our core members discovered this IPs in his logs. Not a VirtueMart page, but as far as we know it wouldnt make a difference.