Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks

Drupal has released security updates for a "highly critical" security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure. The vulnerability, now tracked as CVE-2026-9082, carries a CVSS score of 6.5 out of 10.0, per CVE.org.

This summary was generated from open reporting. Read the full original article ↗

Related

HighData Breaches & Cloud Leaks

Another open bucket spills 12M customer records — and nobody noticed for months

A storage bucket left world-readable exposed names, emails, and partial payment data for an estimated 12 million customers. The lesson is old but evergreen: default-deny on object storage, then verify.

10 hours ago·2 min read·0 comments

HighData Breaches & Cloud Leaks

GitHub links repo breach to TanStack npm supply-chain attack

GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack. [...]

11 hours ago·1 min read·0 comments

HighData Breaches & Cloud Leaks

GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension

GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension.  The development comes as the Nx team revealed that the extension, nrwl.angular-console, was breached after one of its developers' systems was hacked in the

14 hours ago·1 min read·0 comments