Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

thehackernews.com·May 23, 2026

A SQL injection vulnerability in Drupal Core is being actively exploited and has been added to the CISA Known Exploited Vulnerabilities (KEV) list, highlighting the urgent need for website security measures.

The most valuable insight for you is the active exploitation of a Drupal Core SQL Injection vulnerability, which has been added to the CISA Known Exploited Vulnerabilities catalog. This highlights the urgency of prioritizing patch management and vulnerability assessments for web applications that use Drupal to mitigate potential breaches.

Want more content like this?

twixb tracks your favorite blogs and social media, filters by keywords, and delivers personalized key learnings — straight to your inbox.

Create Your Own →Explore Newsfeeds

More from Cybersecurity News

Recent stories curated alongside this one.

darkreading.com
[Virtual Event] Anatomy of a Data Breach: What to Do if it Happens to You
The virtual event "Anatomy of a Data Breach: What to Do if it Happens to You," scheduled for June 18, 2026, aims to equip SecOps teams with knowledge on vulnerabilities and incident response strategies to better prepare for potential cyberattacks. Participants will explore the latest tools and best practices to help prevent becoming victims of data breaches.
bleepingcomputer.com
Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks
Hackers, identified as DriveSurge, have compromised thousands of websites to execute large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques, which trick users into downloading malicious software. The campaigns utilize a Traffic Distribution System (zTDS) to redirect visitors and employ social engineering tactics to facilitate malware infections.
bleepingcomputer.com
Red Hat npm packages compromised to steal developer credentials
Over 30 npm packages from Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack, distributing a new variant of credential-stealing malware called "Miasma." The malicious packages were designed to steal sensitive developer credentials and were removed by Red Hat upon discovery, with no impact reported on customer environments.
bleepingcomputer.com
Spain arrests doxer leaking sensitive data of govt employees
The Spanish National Police have arrested an individual responsible for leaking sensitive personal data of government employees, including those from key state organizations such as the National Cybersecurity Institute. The leak posed significant national security risks, prompting an urgent investigation and raid on the suspect's residence.
securityweek.com
WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites
A critical vulnerability in the WP Maps Pro WordPress plugin, tracked as CVE-2026-8732, is being exploited by threat actors to take over websites by allowing unauthenticated users to create administrative accounts. The issue has been addressed in version 6.1.1 of the plugin, which now includes capability checks to restrict access.

Browse all Cybersecurity News →

Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV

Want more content like this?

More from Cybersecurity News

[Virtual Event] Anatomy of a Data Breach: What to Do if it Happens to You

Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

Red Hat npm packages compromised to steal developer credentials

Spain arrests doxer leaking sensitive data of govt employees

WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites