Drupal is rolling out an emergency security update on May 20. You cannot miss it
Drupal Is Pushing an Emergency Security Update Tomorrow. If You Run a Drupal Site, This Is Not One to Miss. Something significant is coming out of the Drupal project tomorrow, and the way the announcement is worded should be enough to get any site administrator’s attention. The Drupal Security Team has confirmed it will release […]
Something significant is coming out of the Drupal project tomorrow, and the way the announcement is worded should be enough to get any site administrator’s attention.
The Drupal Security Team has confirmed it will release a core security update for all supported branches on May 20, between 5 and 9 p.m. UTC. The type of vulnerability has not been disclosed, standard practice before a coordinated release, but the language around it is unusually direct.
Related breach coverage
- CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack2026-05-23
Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The project maintainers warned ahead of the release that exploits could surface within hours or […]
- The Pentagon Finally Admits That Location Data Is a Battlefield Problem2026-06-01
The Pentagon confirmed adversaries are using commercial location data to track U.S. troops, exposing risks tied to smartphones and ad-tech networks. For years, security researchers, privacy advocates, and intelligence analysts have been warning about the same thing: smartphone location data isn’t just an advertising product. It’s surveillance infrastructure that anyone with enough money can access. […]
- PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch2026-05-20
PinTheft is a Linux LPE flaw in the RDS subsystem with public exploit code. Arch Linux users face the highest risk and should patch immediately. The wave of Linux local privilege escalation vulnerabilities showing up with working exploit code is not slowing down. The latest is PinTheft, discovered by the V12 security team, which affects […]
- Grafana confirms GitHub token breach cybercrime group claims the attack2026-05-18
Grafana confirmed a GitHub token breach that exposed source code, but said no customer data or systems were affected. Grafana Labs confirmed a security incident after the extortion group Coinbase Cartel listed it on a leak site and claimed data theft on May 15. The breach was triggered by a compromised token that gave attackers […]