IT News Roundup: Drupal SQL Injection, GPT-5.5 Instant, Tech Layoffs Surge - May 26, 2026

The technology landscape this week is defined by a critical web platform vulnerability affecting millions of Drupal sites, OpenAI's rapid model iteration cycle delivering GPT-5.5 Instant, a massive wave of tech industry layoffs driven by AI restructuring, and an impressive open-source security discovery effort from Anthropic. Cloud infrastructure investment continues its upward trajectory as Google commits over half its ML compute budget to cloud customers.

Drupal Core CVE-2026-9082: Critical SQL Injection in Database Abstraction API

A critical SQL injection vulnerability, identified as CVE-2026-9082, was discovered in Drupal Core's database abstraction API in May 2026. The flaw allows unauthenticated attackers to perform information disclosure, privilege escalation, and remote code execution on affected installations. The vulnerability has been added to CISA's Known Exploited Vulnerabilities Catalog, signaling immediate risk to the wild.

The issue affects a wide range of Drupal versions: 8.9.0 through 10.4.x (before 10.4.10), 10.5.0 through 10.5.x (before 10.5.10), 10.6.0 through 10.6.x (before 10.6.9), 11.0.0 through 11.1.x (before 11.1.10), and 11.2.0 and later versions. Sites using PostgreSQL databases face particular risk. Security researchers at Berkeley and Trend Micro have flagged the vulnerability as actively exploitable, and immediate patching is strongly recommended for all Drupal administrators.

Source: CISA KEV Catalog, Aviatrix, Tenable, UC Berkeley Security

OpenAI Releases GPT-5.5 Instant: Smarter Responses, Fewer Emojis

OpenAI launched GPT-5.5 Instant on May 5, 2026, as the new default model for broader ChatGPT users. The update arrives roughly two months after the previous GPT-5.3 Instant release on March 3, signaling a shift toward sub-60-day improvement cycles driven by massive compute investment and better reinforcement learning techniques. GPT-5.5 Instant delivers more accurate responses while notably cutting back on the gratuitous emojis that had become a user complaint in earlier versions.

The broader GPT-5.5 model, released on April 23, 2026 under the codename "Spud," achieved benchmark scores of 82.7% on Terminal-Bench 2.0 and 51.7% on FrontierMath Tier 1-3. Both GPT-5.5 and GPT-5.5 Pro are available via the API, with the models deploying across Plus, Pro, Business, and Enterprise tiers. The rapid release cadence underscores OpenAI's strategy of continuous model improvement in the face of intensifying competition from Anthropic and other AI developers.

Source: OpenAI, TechCrunch, 9to5Mac

Tech Layoffs Accelerate: Over 113,000 Jobs Lost in 2026 AI Restructuring Wave

The technology industry is undergoing a massive restructuring driven by AI automation, with more than 113,000 workers losing their jobs in 2026 so far despite $725 billion flooding into AI investments. Cloudflare announced cuts to over 1,100 positions in early May, representing roughly one-fifth of its global workforce, citing AI-driven efficiency gains. The company stated that AI systems can now perform tasks such as generating code more quickly than human developers.

Coinbase followed with a 14% workforce reduction affecting approximately 700 employees, while Upwork and xAI also announced significant job cuts. Fast Company reported that these companies are explicitly pointing to AI as the driver behind the reductions, describing a push to become "AI native" organizations. The layoffs highlight the paradoxical nature of the AI boom: record capital investment in artificial intelligence is simultaneously eliminating the very jobs that built the technology.

Source: Yahoo Finance, Fast Company, The Cooldown, Los Angeles Times

Anthropic's Project Glasswing Uncovers 10,000+ Critical Vulnerabilities

Anthropic disclosed on May 23, 2026, that its Project Glasswing initiative has helped uncover more than 10,000 high- or critical-severity vulnerabilities across some of the most systemically important software in use today. The project leverages AI-powered analysis to automatically scan and identify security flaws in widely deployed software, representing one of the largest coordinated vulnerability discovery efforts in the industry.

The scale of the findings underscores both the fragility of modern software supply chains and the potential of AI-assisted security research. By identifying vulnerabilities before they can be exploited in the wild, Project Glasswing aims to shift the security paradigm from reactive patching to proactive discovery. The initiative joins a growing trend of AI companies using their own models to improve software security, turning the same technology that introduces new attack surfaces into a powerful defensive tool.

Source: The Hacker News

Google Commits Half of ML Compute Investment to Cloud Business

At Google Cloud Next 2026, CEO Sundar Pichai announced that just over half of Google's overall machine learning compute investment in 2026 will be directed toward the Cloud business to benefit cloud customers and partners. This represents a significant shift in resource allocation, positioning Google Cloud as the primary beneficiary of the company's massive AI infrastructure buildout rather than internal products alone.

The commitment signals Google's determination to compete more aggressively in the cloud infrastructure market, where AWS and Microsoft Azure currently hold dominant positions. By dedicating the majority of its ML compute spending to cloud-facing infrastructure, Google is betting that enterprise AI workloads will be the primary growth driver for the cloud sector. The announcement also hints at expanded TPU availability and improved AI tooling for cloud customers in the coming months.

Source: Google Cloud Blog

ShinyHunters Gang Shows Major Resurgence in 2026

SWK Technologies reported in its May 2026 cybersecurity recap that the notorious ShinyHunters cybercriminal group has experienced a significant resurgence. The gang, previously linked to high-profile attacks on Ticketmaster, Santander Bank, Neiman Marcus, and most recently Instructure's Canvas learning management system, has been targeting a wider range of sectors including education, finance, and retail.

Threat analysts describe ShinyHunters as a loose affiliation of teenagers and young adults based primarily in the United States and the United Kingdom, specializing in large-scale data breaches and extortion. The group's recent activity, including the Canvas LMS disruption that affected nearly 9,000 schools during final exam season, demonstrates both their technical capability and their willingness to target high-impact timing. Organizations across all sectors should maintain heightened vigilance and ensure their breach response plans are current.

Source: SWK Technologies