soc

Drupal is warning users that it has already seen attempts to exploit CVE-2026-9082 and security firms are seeing attacks against thousands of websites. The post Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure appeared first on SecurityWeek.

Other noteworthy stories that might have slipped under the radar: CISA contractor exposes credentials, Mythos testing and new features, Huawei router flaw triggered telecom blackout. The post In Other News: Industrial Router Exploitation, CISA KEV Nomination Form, Gas Station Hacking appeared first on SecurityWeek.

Drupal has released security updates for a “highly critical” security vulnerability in Drupal Core that can be exploited by anonymous attackers against sites using PostgreSQL databases. Tracked as the CVE-2026-9082 vulnerability, the issue resides in Drupal’s database abstraction API, which is supposed to sanitize queries before they reach the backend database. Drupal rates the flaw […]

BitLocker is designed to protect data at rest even when a device is lost, stolen, or powered off, which is why a bypass against that trust model draws immediate attention. The CVE-2026-Adresse geschuetzt, publicly referred to as YellowKey, is a Windows security feature bypass flaw that Microsoft says can let an attacker with physical access […]

Jacob Butler, 23, has been arrested in Canada and US authorities are seeking his extradition on computer hacking charges. The post Canadian Man Arrested for Operating Kimwolf Botnet appeared first on SecurityWeek.

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-9082 Drupal Core SQL Injection Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk […]

The FBI says First VPN has been used by dozens of ransomware groups for network reconnaissance and intrusions. The post ‘First VPN’ Cybercrime Service Disrupted, Administrator Arrested appeared first on SecurityWeek.

CVE-2026-Adresse geschuetzt. The post TrendAI Patches Apex One Zero-Day Exploited in the Wild appeared first on SecurityWeek.

Hackers accessed Grafana’s GitHub repositories after a token compromised in the TanStack attack was not rotated. The post Grafana Says Codebase and Other Data Stolen via TanStack Supply Chain Attack appeared first on SecurityWeek.