Tech Times

Drupal Core Patch Drops Today: No-Login Flaw Puts Government and University Sites at Immediate Risk

The Drupal Security Team is releasing patches for all supported core branches today, May 20, 2026, between 17:00 and 21:00 ...

Drupal: Critical SQL injection flaw now targeted in attacks

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier ...

Clear your calendar, Drupal user: You have a critically urgent patch to install

The Drupal Security Team’s Monday PSA announcing the imminent patch for Drupal core doesn’t include any specifics, with the ...

Drupal critical update to fix bug with high exploitation risk

Drupal has announced a "core security release" scheduled for later today, warning that threat actors might develop exploits ...
SecurityWeek

Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking

Drupal has patched CVE-2026-9082, a highly critical vulnerability that could allow threat actors to hack websites.
SecurityWeek

Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation

Drupal is warning users that it’s preparing a patch for a ‘highly critical’ vulnerability that may be exploited shortly after ...
Dark Reading

New Drupal Exploit Mines Monero for Attackers

A newly discovered vulnerability in Drupal has been exploited to turn infected systems into Monero mining bots. Worse, the vulnerability could easily be exploited to do far more than simply steal ...
Threat Post

Muhstik Botnet Exploits Highly Critical Drupal Bug

A botnet has exploited a highly critical Drupal CMS vulnerability, which was previously disclosed by Drupal in March. Researchers are warning a recently discovered and highly critical vulnerability ...
Threat Post

Two Critical RCE Bugs Patched in Drupal 7 and 8

Drupal’s advisory also included three patches for “moderately critical” bugs. Drupal is urging users to upgrade to the latest release that fixes two critical remote code execution bugs impacting ...