All owners and admin of Drupal 8 sites: please read:
According to Shodan.io, there are over 85000 active Drupal sites. Perhaps not all of them are version 8, but could be a significant number. And we can only assume many would have enabled API access or installed modules that make them vulnerable to the latest vulnerability ‘Drupal core - Highly critical - Remote Code Execution - SA-CORE-2019-003’, as explained on the Drupal Security Advisory: https://www.drupal.org/sa-core-2019-003.
The vulnerability has been fixed in Drupal 8.6.10 and 8.6.11.
We advise all to patch as soon as possible to prevent losing your Drupal site.