Drupal is warning users that it’s preparing a patch for a ‘highly critical’ vulnerability that may be exploited shortly after its disclosure.

CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection ...

Drupal has announced a "core security release" scheduled for later today, warning that threat actors might develop exploits within hours of the update disclosure.

Drupal warns users that it has seen attempts to exploit CVE-2026-9082 and security firms are seeing attacks against thousands ...

Attackers are currently targeting websites created with the CMS Drupal. However, pages are only vulnerable if they use ...

Drupal issued a security advisory of four critical vulnerabilities rated from moderately critical to critical. The vulnerabilities affect Drupal versions 9.3 and 9.4. The security advisory warned that ...

For millions of websites that rely on the Drupal platform, a highly critical remote code execution (RCE) discovered about two months ago prompted companies to push through emergency patches to help ...

Drupal has released security updates to address vulnerabilities in Drupal 7.x, 8.8.x, 8.9.x, and 9.0.x. An attacker could exploit some of these vulnerabilities to obtain sensitive information or ...

Drupal released a security advisory to address a vulnerability affecting multiple Drupal core versions. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition.