Cybersecurity remained a central concern across enterprise and open-source ecosystems this month as multiple high-profile incidents and critical vulnerability disclosures affected widely deployed platforms. Security teams continued to face pressure to patch faster, monitor exposed systems more closely, and respond to a growing volume of actively exploited vulnerabilities.

Verizon’s 2026 Data Breach Investigations Report found that the exploitation of vulnerabilities overtook stolen credentials as the leading initial access method in analysed breaches for the first time. Microsoft’s May Patch Tuesday also addressed roughly 120 vulnerabilities affecting Office, SharePoint Server, and Windows enterprise infrastructure.

The open-source sector saw renewed urgency around patch management after the Drupal Security Team released SA-CORE-2026-004, a highly critical SQL injection vulnerability affecting supported Drupal core versions using PostgreSQL databases. The advisory prompted emergency patching efforts across enterprise Drupal deployments.

Security agencies continued to warn about the growing number of actively exploited vulnerabilities tracked in CISA’s Known Exploited Vulnerabilities catalogue.

Elsewhere in the open-source ecosystem, discussion turned toward the widening gap between technological capability and public perception. In a recent post, Dries Buytaert argued that Drupal’s reputation has not kept pace with its technical evolution despite continued investment in structured content architecture, APIs, and AI-oriented tooling.

The discussion reflects a broader challenge facing mature open-source platforms competing for visibility against newer frameworks with stronger marketing momentum. Community perception increasingly shapes how projects are evaluated alongside technical capability, governance maturity, and long-term sustainability.

That said, let us now look at the major developments covered in Volume 4, Issue 21 of The Drop Times weekly newsletter, Editor’s Pick. Story listings are now permanently shifted to teaser blocks below, and we will no longer duplicate linked headlines within the Letter from the Editor.

Additional developments from across the Drupal ecosystem were published during the week. Readers can follow The Drop Times on LinkedIn, Twitter, Bluesky, and Facebook for ongoing updates. The publication is also active on Drupal Slack in the #thedroptimes channel.

Allen Jason
Junior Sub-editor
The Drop Times

Managing a patchwork of digital systems? Discover why 2026 is the year for membership bodies and charities to trade platform fragmentation for integration.

Does your content team know how much Drupal accessibility depends on them? From headings to tables, the choices editors make every day shape whether assistive tech users can navigate your site.

Managing a patchwork of digital systems? Discover why 2026 is the year for membership bodies and charities to trade platform fragmentation for integration.

Johanna Bates reflects on Drupal’s nonprofit ecosystem, the value of structured content, and the stewardship needed to support contributors, clients, and mission-driven organisations.

Today we are talking about Web Education, Level up Tutorials, and life after Drupal with guest Scott Tolinski. We'll also cover Views Row SDC as our module of the week.

For show notes visit: https://www.talkingDrupal.com/554

Topics

• Scott Origin Story
• Level Up Tutorials Era
• Syntax Podcast Beginnings
• Growing The Audience
• Web Components Debate
• Leaving Drupal Behind
• What Drupal Still Nails
• Agency Project Highlights
• Booking Podcast Guests
• Scott Work Week Setup
• Running Syntax Team
• Canvas HTML Experiments
• Livestream Tools Challenges
• Funding Via Sentry
• Project Ideas Process
• Conference Speaking Journey
• Speaking Logistics Family
• Content Focus Passion
• Drupal Influence Today
• Mad CSS Tournament
• AI Coding Workflow
• What Excites Him Now

Resources

• Scott Tolinski's Website
• Levelup tutorials
• 1000th episode
• Web awesome
• Talk in Amsterdam - React summit
  • This component could have been a class
• Sigraph conference site
• Too fast too furious learning things quickly
• JSNation
• Scratch
• Css tricks
• MadCss Championship
• State of ai survey
• Jazz.tools
• 0sync
• Graffiti

Guests

Scott Tolinski - tolin.ski stolinski

Hosts

Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi Bernardo Martinez - bernardm28

MOTW Correspondent

Martin Anderson-Clutz - mandclu.com mandclu

• Brief description:
  • Have you ever wanted to use a Single Directory Component to format the output of a view on your Drupal website? There's a module for that
• Module name/project name:
  • Views Row SDC
• Brief history
  • How old: created in Apr 2026 by James Shields (lostcarpark), a friend of the podcast
  • Versions available: 1.0.0, which works with Drupal 11.3 and 12
• Maintainership
  • Actively maintained
  • Security coverage
  • Number of open issues: 9 open issues, 3 of which are bugs, though two are marked as fixed in the latest release
• Usage stats:
  • 4 sites
• Module features and usage
  • With this module installed, when you select "Show" in the Format modal for any views display, you'll see a new option for "Single Directory Component", in addition to standard options like "Content view mode" or "Fields"
  • You can then select which of the site's available SDCs you want to use to format each result, and then you can map fields defined in the view to the properties and slots defined for the selected component
  • You can also place a view using this format into a Drupal Canvas layout by having a block display
  • SDCs and Canvas are the new hotness in Drupal theming, so this module gives you some additional ways to incorporate theme into your own Drupal site

If your Drupal website spoke in acronyms, it might sound like this: “DNS hands the request to the CDN, TLS encrypts the connection, and the CTA waits patiently at the end.” 

These clusters of capital letters can feel like jargon and confuse non-technical users. Yet acronyms, words formed from the first letters of longer phrases, are everywhere because they make complex concepts quicker to say and easier to remember.

AI is unbundling both agencies and software. The rebundling is coming — will it be open or closed? Open platforms offer freedom, sovereignty, and portability.

A problem I've been struggling with for a while now is managing my bookmarks. Every time I come across an interesting article I want to read, a good resource I want to keep, or a neat tool I want to try I create a bookmark.

Over time I have collected a large collection of bookmarks so when I add a new one to the list it gets lots in the pile. I've tried to create directories to keep "new" bookmarks or organise them into sections, but I always end up scrabbling to find them.

The problem is that web browsers don't allow you to categorise or search bookmarks so I can never find them again. Also when I swap browsers (which I have done twice this year) I end up having to migrate them over and set up synchronising between computers. This always removes the favicons of the sites so I have even more trouble finding the right link.

After losing yet another bookmark again recently I decided to do something about it. I realised that #! code was the best place for it as I'm always logged into the site, so I set about creating a link directory on the site. I didn't just want a big list of links though. In my mind a good link directory takes a screenshot of the site when the link is created so that it is easy to see what links are there from the screenshot of the original site.

In this article I will go through how I set up the link directory, how links are added, and how the site is able to take screenshots of the links as they are added to the directory. 

Creating The Link Content Type

To store the links I created a content type called "Link" and added a few fields to it.

Read more