Drupal has released security updates to address Critical cross site request forgery (CSRF) and Arbitrary PHP code execution vulnerabilities affecting multiple versions of Drupal. A remote attacker could exploit these…
Drupal has released security updates to address cross-site scripting (XSS) and Open Redirect vulnerabilities affecting Drupal 7, 8.7, and 8.8.
Drupal has released a critical security update to address third-party library CKEditor XSS vulnerabilities in Drupal 8.7.x and 8.8.x.
The Australian Cyber Security Centre (ACSC) has released new guidelines to assist organizations in securing Content Management Systems (CMS). The guidelines include good mitigation advice in areas of patching, account management, hardening and monitoring to name a few.
Cyber attackers are exploiting an older Drupal remote code execution vulnerability CVE-2018-7600 dubbed Drupalgeddon2.
Drupal has released a security update to address a critical vulnerability in Drupal 8.7.4 Workspaces module.
Drupal updated the severity of a remote code execution (RCE) vulnerability to "Highly Critical" after known exploits were discovered.
Drupal has released a critical security update to address a vulnerability in Drupal 7.x, 8.5.x and 8.6.x. The vulnerability is rated critical and impacts third party libraries.
Drupal has released a security update to address multiple vulnerabilities in its Drupal Core product version 7.x and 8.x.
A malicious cryptomining campaign has been targeting hundreds of websites running outdated Drupal content management systems. The new cyber attacks exploit recently revealed vulnerabilities on the Drupal platform, patched for over a month.