CMS Wire

Drupal Code Freeze Update - 82 Weeks + a Slushy

September 7th has passed and the Drupal 7 code freeze is officially on. 82 weeks of development that started in February 2008 has come and gone and now it's time to relax. Oh wait, no, you aren't that ...
ZDNet

Drupal critical flaw: Patch this remote code execution bug urgently, websites warned

The bug was considered serious enough for Drupal's security team to warn admins a day in advance of Wednesday's patch release to reserve time to address the bug. Drupal is the third most popular CMS ...
Tech Times

Drupal Core Patch Drops Today: No-Login Flaw Puts Government and University Sites at Immediate Risk

The Drupal Security Team is releasing patches for all supported core branches today, May 20, 2026, between 17:00 and 21:00 ...
The Hacker News

Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks

Drupal released security updates for a highly critical Drupal Core vulnerability affecting sites that use PostgreSQL.
Ars Technica

Drupal users take cover—code-execution bug is being actively exploited [updated]

Malicious hackers wasted no time exploiting a critical bug in the Drupal content management system that allows them to execute malicious code on website servers. Just hours after maintainers of the ...
heise online

Security updates for Drupal: Malicious code attacks on web browsers possible

Poor input validation makes previous versions of Drupal vulnerable. If the conditions are right, attackers can execute malicious code in the victim's web browser via compromised websites created with ...
Threat Post

Drupal Patches Remote Code Execution Vulnerabilities in Three Modules

Developers with the open source content management framework Drupal patched a series of highly critical remote code execution bugs in three separate modules today. If exploited, the bugs could let an ...