Morpht's nightly CI job identified a high-severity vulnerability in Drupal core's twig package, prompting quick action and community response to resolve the issue.
...more
Learn how the 2018 "Drupalgeddon 2" vulnerability led to widespread botnet attacks on unpatched Drupal sites. Acquia’s detailed analysis reveals the importance of timely security updates to prevent remote code execution and crypto-mining malware.
...more
The Views Slideshow module, used by 70,000 Drupal 7 sites, recently lost official security support, leaving many sites vulnerable. D7Security has taken over maintenance, but site owners must act to ensure continued protection.
...more
Discover effective strategies for preventing spam on your Drupal website using modules like http:BL and Spambot. Learn how these tools can reduce unwanted content and protect against fake accounts without disrupting user experience.
...more
Learn how to improve Drupal 9 security by integrating LDAP for centralized user management and strong authentication. This guide covers setup, troubleshooting, and best practices for secure implementation.
...more
Max Pogonowski from Sitback highlights a recent vulnerability in Drupal sites linked to polyfill.io, where malware was injected into scripts by the new owners. He advises updating Drupal modules or using Cloudflare for protection. The post also introduces the Frontend Bundler Initiative to reduce reliance on third-party CDNs.
...more
In web security, maintaining a secure Drupal site involves more than just core updates—it's about managing a complex web of dependencies. In this article, Grzegorz Pietrzak explores the critical steps every Drupal site maintainer should take to safeguard their sites against potential vulnerabilities. From keeping Composer and dependencies up-to-date to leveraging automated tools, discover practical strategies to fortify your Drupal site against modern threats. Stay ahead of security risks with these essential tips and insights.
...more
Arocom's latest post highlights the necessity of proactive monitoring for Drupal websites. Learn how real-time detection, comprehensive monitoring, and advanced tools ensure optimal performance, security, and availability of your Drupal site.
...more
HackTricks details methods for exploiting Remote Code Execution vulnerabilities in older Drupal versions, focusing on the PHP Filter module and backdoored modules. Learn how attackers gain control and how to mitigate these risks.
...more
Scott Carpenter's blog post on Optasy details how Drupal's advanced security features protect government portals from rising cyber threats. Using the City of Hamilton's website as a case study, it highlights the implementation of multi-factor authentication, encryption, and continuous monitoring.
...more
Nik from Versantus reports a critical vulnerability in Polyfill.io libraries, potentially distributing malware after a domain sale. Websites using these libraries must take immediate action to remove or update the code and ensure robust security monitoring.
...more
The Drupal Security Team has issued a PSA highlighting the need for site owners to actively manage third-party library security. Recent concerns include malicious content from polyfill.io, prompting updates and new security measures. Learn more about the recommended tools and actions to ensure compliance.
...more