MUST READ

CVE-2026-9082: Drupal's Highly Critical SQL Injection Flaw Is Already Under Active Attack

 | 

Why pure extortion is replacing traditional ransomware

 | 

Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets

 | 

Authorities arrest 23-year-old accused of running the Kimwolf botnet

 | 

One Telecom Provider Hosted Most of the Middle East ’s Active C2 Infrastructure

 | 

U.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog

 | 

Global law enforcement operation takes First VPN offline

 | 

Apple Blocks Over 2 Million Apps in 2025 Fraud Crackdown

 | 

Attackers are bypassing MFA on SonicWall VPNs because something was wrong with previous fix

 | 

Cisco fixed maximum severity flaw CVE-2026-20223 in Secure Workload

 | 

Discord adds end-to-end encryption to voice and video calls by default

 | 

PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch

 | 

Microsoft issues YellowKey mitigation, no patch yet

 | 

Carding site B1ack’s Stash dumps 4.6 Million stolen cards for free 

 | 

A malicious VS code extension just breached GitHub 's internal repositories

 | 

DirtyDecrypt: PoC Released for yet another Linux flaw

 | 

Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash

 | 

Drupal is rolling out an emergency security update on May 20. You cannot miss it

 | 

Microsoft dismantled malware-signing network Fox Tempest

 | 

Poland shifts away from Signal following cyberattacks on officials’ accounts

 | 

CVE-2026-9082

Pierluigi Paganini May 23, 2026
CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack

Attackers began exploiting Drupal SQL injection flaw CVE-2026-9082 within 48 hours of patch release. Drupal issued a highly critical security patch on May 20 for CVE-2026-9082, a SQL injection vulnerability that allows unauthenticated attackers to compromise sites running PostgreSQL databases. The project maintainers warned ahead of the release that exploits could surface within hours or […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

CVE-2026-9082: Drupal's Highly Critical SQL Injection Flaw Is Already Under Active Attack

Security / May 23, 2026

Why pure extortion is replacing traditional ransomware

Cyber Crime / May 23, 2026

Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets

APT / May 23, 2026

Authorities arrest 23-year-old accused of running the Kimwolf botnet

Cyber Crime / May 22, 2026

One Telecom Provider Hosted Most of the Middle East ’s Active C2 Infrastructure

Hacking / May 22, 2026