Drupal: Critical SQL injection flaw now targeted in attacks

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier ...
SecurityWeek

Drupal Patches Highly Critical Vulnerability Exposing Websites to Hacking

Drupal has patched CVE-2026-9082, a highly critical vulnerability that could allow threat actors to hack websites.
The Hacker News

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

Drupal CVE-2026-9082 exploitation hit 15,000 attempts across 65 countries, forcing urgent patches by May 27, 2026.
CSO Online

Drupal admins rushing to patch maximum severity SQL injection vulnerability

In its warning, Drupal said a vulnerability in this API allows an attacker to send specially crafted requests resulting in ...
SecurityWeek

Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation

Drupal is warning users that it’s preparing a patch for a ‘highly critical’ vulnerability that may be exploited shortly after ...
Tech Times

Drupal Core Patch Drops Today: No-Login Flaw Puts Government and University Sites at Immediate Risk

The Drupal Security Team is releasing patches for all supported core branches today, May 20, 2026, between 17:00 and 21:00 ...
Opinion

Data Brokers’ and AI Firms’ Opt-Out Forms Are Built to Fail, Report Finds

A new study finds AI companies, defense firms, and dating apps are among 38 data collectors allegedly using manipulative design to confuse users while collecting their data.