Drupal: Critical SQL injection flaw now targeted in attacks

bleepingcomputer.com·May 22, 2026

Drupal has issued a warning about hackers trying to exploit a serious SQL injection vulnerability that was disclosed earlier this week.

Given your focus on zero day threats and vulnerability management, the key takeaway is that you should immediately prioritize patching any instances of Drupal in your network to mitigate the risk of exploitation from the SQL injection vulnerability. This aligns with proactive threat intelligence and incident response strategies, ensuring that your systems remain secure against rapidly evolving threats.

Want more content like this?

twixb tracks your favorite blogs and social media, filters by keywords, and delivers personalized key learnings — straight to your inbox.

Create Your Own →Explore Newsfeeds

More from Cybersecurity News

Recent stories curated alongside this one.

darkreading.com
[Virtual Event] Anatomy of a Data Breach: What to Do if it Happens to You
The virtual event "Anatomy of a Data Breach: What to Do if it Happens to You," scheduled for June 18, 2026, aims to equip SecOps teams with knowledge on vulnerabilities and incident response strategies to better prepare for potential cyberattacks. Participants will explore the latest tools and best practices to help prevent becoming victims of data breaches.
bleepingcomputer.com
Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks
Hackers, identified as DriveSurge, have compromised thousands of websites to execute large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques, which trick users into downloading malicious software. The campaigns utilize a Traffic Distribution System (zTDS) to redirect visitors and employ social engineering tactics to facilitate malware infections.
bleepingcomputer.com
Red Hat npm packages compromised to steal developer credentials
Over 30 npm packages from Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack, distributing a new variant of credential-stealing malware called "Miasma." The malicious packages were designed to steal sensitive developer credentials and were removed by Red Hat upon discovery, with no impact reported on customer environments.
bleepingcomputer.com
Spain arrests doxer leaking sensitive data of govt employees
The Spanish National Police have arrested an individual responsible for leaking sensitive personal data of government employees, including those from key state organizations such as the National Cybersecurity Institute. The leak posed significant national security risks, prompting an urgent investigation and raid on the suspect's residence.
securityweek.com
WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites
A critical vulnerability in the WP Maps Pro WordPress plugin, tracked as CVE-2026-8732, is being exploited by threat actors to take over websites by allowing unauthenticated users to create administrative accounts. The issue has been addressed in version 6.1.1 of the plugin, which now includes capability checks to restrict access.

Browse all Cybersecurity News →

Drupal: Critical SQL injection flaw now targeted in attacks

Want more content like this?

More from Cybersecurity News

[Virtual Event] Anatomy of a Data Breach: What to Do if it Happens to You

Hackers hijack thousands of sites for ClickFix and FakeUpdate attacks

Red Hat npm packages compromised to steal developer credentials

Spain arrests doxer leaking sensitive data of govt employees

WP Maps Pro Vulnerability Exploited to Take Over WordPress Sites