The Hacker News

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

Drupal CVE-2026-9082 exploitation hit 15,000 attempts across 65 countries, forcing urgent patches by May 27, 2026.

CISA orders feds to patch actively exploited Drupal vulnerability

CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection ...

Rapid7 Q1 2026 Threat Landscape Report Finds Vulnerability Exploitation Overtakes Social Engineering as the Top Initial Access Vector

New research highlights how AI-driven exploitation, zero-click vulnerabilities, and fragmented ransomware operations are ...