Web-Security
Drupal SA-CORE-2026-004: Highly Critical Unauthenticated SQL Injection Hits PostgreSQL Sites
CVE-2026-9082 is a highly critical SQL injection in Drupal core's database abstraction API. Anonymous attackers can run arbitrary SQL against PostgreSQL-backed sites. Patches dropped May 20; exploitation is expected within days.
Smart Slider 3 Pro Update Infrastructure Compromised — Backdoored Build Pushed to 800K+ WordPress Sites
Attackers compromised Nextend's update servers to distribute a weaponized Smart Slider 3 Pro build containing a multi-layered RAT with credential exfiltration and persistent backdoors.