A highly critical SQL injection flaw, identified as CVE-2026-9082, has been discovered in Drupal, and attackers are already actively exploiting it. This vulnerability poses a significant threat, as it can be used to extract sensitive data from databases. In other security news, a shift from traditional ransomware to pure extortion tactics has been observed, with attackers demanding payments without encrypting data. Additionally, the Ghostwriter threat actor has resurfaced, using a Ukrainian learning platform as a lure to target government entities. Meanwhile, law enforcement has apprehended a 23-year-old individual suspected of operating the Kimwolf botnet. The disclosure of CVE-2026-9082 expands the active attack surface, making it essential for organizations to prioritize their security efforts based on exposure and exploitation evidence. This matters to security practitioners as it highlights the need to stay vigilant and proactive in protecting against emerging threats.