theregister

Clear your calendar, Drupal user: You have a critically urgent patch to install

The Drupal Security Team’s Monday PSA announcing the imminent patch for Drupal core doesn’t include any specifics, with the PSA noting that Drupal isn’t willing to share additional information until ...
The Hacker News

Funnel Builder Flaw Exploited to Enable WooCommerce Checkout Skimming

A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages ...
SecurityWeek

Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild

Microsoft has shared mitigations for CVE-2026-42897 until a permanent patch can be released for affected Exchange Server versions. Microsoft Exchange Server users are urged to immediately mitigate a ...
The Hacker News

Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike

The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been ...
Business Wire

Pantheon Brings Next.js to Its Platform, Running CMS and Modern Frontends Under One Roof

The WebOps platform for WordPress and Drupal now runs Next.js, reducing multi-vendor complexity by unifying IT, developers, and marketers around a single system designed to build and run the web at ...
CMS Wire

Pantheon Launches Next.js GA, Eyeing AI Agents and the Future of Web Infrastructure

Pantheon built its reputation on WordPress and Drupal. Now it wants a seat at the table for what comes next — and it's betting that table is being set by Next.js. The San Francisco-based managed ...
CSOonline

Hackers have been exploiting an unpatched Adobe Reader vulnerability for months

Adobe Reader vulnerabilities have been exploited for decades by threat actors taking advantage of the universal use of the utility to fool employees into downloading infected PDF documents through ...
CSOonline

New Shai-Hulud worm spreading through npm, GitHub

The latest version also executes malicious code during the preinstall phase, and is bigger and faster than the first wave, say researchers. A new version of the Shai-Hulud credentials-stealing ...
Searchenginejournal.com

2025 Core Web Vitals Challenge: WordPress Versus Everyone

The Core Web Vitals Technology Report shows the top-ranked content management systems by Core Web Vitals (CWV) for the month of June (July’s statistics aren’t out yet). The breakout star this year is ...
GitHub

Gatsby Starter Drupal Homepage

Note: This version of the Drupal homepage starter is written in TypeScript. If you want to use Drupal but JavaScript is more your style, there is also a JavaScript version maintained on GitHub. The ...
Bleeping Computer

Latest SQL Injection news

CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection vulnerability in the Drupal content management system (CMS) that it flagged as actively ...