The Drupal Security Team is releasing patches for all supported core branches today, May 20, 2026, between 17:00 and 21:00 ...

The Drupal Security Team’s Monday PSA announcing the imminent patch for Drupal core doesn’t include any specifics, with the ...

Exploitation attempts of a highly critical vulnerability discovered in the Drupal content management software (CMS) on February 20 were blocked by Cloudflare using Web Application Firewall (WAF) rules ...

Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier ...

A botnet has exploited a highly critical Drupal CMS vulnerability, which was previously disclosed by Drupal in March. Researchers are warning a recently discovered and highly critical vulnerability ...

Drupal has patched CVE-2026-9082, a highly critical vulnerability that could allow threat actors to hack websites.

Drupal CVE-2026-9082 exploitation hit 15,000 attempts across 65 countries, forcing urgent patches by May 27, 2026.

Drupal is warning users that it’s preparing a patch for a ‘highly critical’ vulnerability that may be exploited shortly after ...

Drupal’s advisory also included three patches for “moderately critical” bugs. Drupal is urging users to upgrade to the latest release that fixes two critical remote code execution bugs impacting ...

A newly discovered vulnerability in Drupal has been exploited to turn infected systems into Monero mining bots. Worse, the vulnerability could easily be exploited to do far more than simply steal ...

In a year filled with horrible security blunders we may have a winner for worst of the year with eight weeks still to go. We knew two weeks ago when the Drupal team disclosed a really, really bad SQL ...

Malicious hackers wasted no time exploiting a critical bug in the Drupal content management system that allows them to execute malicious code on website servers. Just hours after maintainers of the ...