These versions are currently being supported with security updates:

To report a security issue in the core Joomla! CMS or Framework, or with a joomla.org website, please submit the form on our portal containing as much detail as possible about the issue. Additional information about our security team and their processes may be found on our Security page.

To report an issue in a Joomla! extension, please submit it to the Vulnerable Extensions List.

For support with a site which has been attacked, please visit the Joomla! Forum.