CVE-2026-9082: Critical Drupal SQL Injection Vulnerability Affects PostgreSQL Deployments

A highly critical SQL injection vulnerability in Drupal core has raised concerns across organizations running PostgreSQL-backed Drupal environments. Tracked as CVE-2026-9082, the vulnerability affects Drupal’s database abstraction layer and can be exploited remotely without authentication. The vulnerability was disclosed through Drupal security advisory SA-CORE-2026-004 on May 20, 2026. CVE-2026-9082 is now under active exploitation.

Stopping the Agentic Breach: How to Operationalize Your Defense Against Mythos-Speed Attacks

The industry has spent the past few weeks focused on Claude Mythos Preview and the rise of autonomous offensive AI. As outlined in Claude Mythos, Project Glasswing, and the Machine-Speed Security Race, this shift is not only about faster attacks. The same AI-driven acceleration that helps attackers discover weaknesses faster can also help defenders validate exposure sooner. For security operations teams, the challenge is turning that strategic shift into action.

5 Best Mobile Device Management (MDM) Solutions

With the surge in remote work and BYOD (Bring Your Own Device) policies, securing corporate data across thousands of mobile endpoints has become a critical challenge. In fact, over 80% of small business owners rely on mobile devices for work daily (Zen Business), which makes mobile device security essential for businesses. To meet this requirement, businesses are adopting Mobile Device Management (MDM) software at scale.

Streamlining CMMC Compliance: How Bitsight Empowers the Defense Industrial Base

For organizations within the Defense Industrial Base (DIB), the Cybersecurity Maturity Model Certification (CMMC) 2.0 represents more than a regulatory hurdle. It is becoming a core requirement for doing business with the Department of Defense and for protecting sensitive information across the defense supply chain.

CrowdStrike Named a Leader in Identity Threat Detection and Response

Two recent industry reports validate CrowdStrike’s leadership in the identity threat detection and response (ITDR) market: Identity is the front line of modern cyberattacks. Today’s adversaries log in and use legitimate identities to move laterally, escalate privileges, and operate inside legitimate sessions as trusted users.

You probably don't need private PKI for internal infrastructure

Running your own certificate authority sounds like the responsible choice for internal infrastructure. Distribute your root cert to every machine and issue certs internally. In practice, you spend the next six months chasing down every device, contractor laptop, and vendor console that didn’t get the root installed. The warnings come back. And when they do, people click through them, because they always have. There’s a simpler path, and most teams don’t know it exists.

Disrupting Glassworm: Inside CrowdStrike's Takedown of a Developer-Targeting Botnet

On May 26, 2026, at 14:00 UTC, the CrowdStrike Counter Adversary Operations team executed a coordinated takedown of the Glassworm botnet, a global threat targeting software developers through the open-source supply chain. In collaboration with Google and the Shadowserver Foundation, we struck all four of Glassworm's command-and-control (C2) channels simultaneously, severing the operators from their infected machines and their ability to deliver new malicious payloads.

Introducing the Detectify MCP Server to connect security intelligence into your AI workflows

We are launching the Detectify MCP Server to deliver real-time vulnerability data and attack surface insights directly into your AI-powered workflows. Built for developers and AppSec teams using Claude Code, Cursor, ChatGPT, and Claude Desktop, it delivers security data straight to your AI assistants via a remote-hosted server, giving you hacker-proof guardrails without adding anything new to deploy or maintain.