Tech Times

Drupal Core Patch Drops Today: No-Login Flaw Puts Government and University Sites at Immediate Risk

The Drupal Security Team is releasing patches for all supported core branches today, May 20, 2026, between 17:00 and 21:00 ...

Drupal critical update to fix bug with high exploitation risk

Drupal has announced a "core security release" scheduled for later today, warning that threat actors might develop exploits ...

Clear your calendar, Drupal user: You have a critically urgent patch to install

If you use Drupal, get ready to patch without delay. The org behind the popular open source content management system is ...
SecurityWeek

Drupal to Patch Highly Critical Vulnerability at Risk of Quick Exploitation

Drupal is warning users that it’s preparing a patch for a ‘highly critical’ vulnerability that may be exploited shortly after ...
Threat Post

Muhstik Botnet Exploits Highly Critical Drupal Bug

A botnet has exploited a highly critical Drupal CMS vulnerability, which was previously disclosed by Drupal in March. Researchers are warning a recently discovered and highly critical vulnerability ...
Dark Reading

New Drupal Exploit Mines Monero for Attackers

A newly discovered vulnerability in Drupal has been exploited to turn infected systems into Monero mining bots. Worse, the vulnerability could easily be exploited to do far more than simply steal ...
Bleeping Computer

Cloudflare Deploys Firewall Rule to Block New Drupal Exploits

Exploitation attempts of a highly critical vulnerability discovered in the Drupal content management software (CMS) on February 20 were blocked by Cloudflare using Web Application Firewall (WAF) rules ...
Threat Post

Two Critical RCE Bugs Patched in Drupal 7 and 8

Drupal’s advisory also included three patches for “moderately critical” bugs. Drupal is urging users to upgrade to the latest release that fixes two critical remote code execution bugs impacting ...