Advisoryloom Editor

Exploits Turn Windows Defender Into Attacker Tool

Advisoryloom Editor April 22, 2026

Three proof-of-concept exploits are being used in active attacks against Microsoft’s built-in security platform; two are unpatched.

Ransomware Negotiator Pleads Guilty to BlackCat Scheme

Advisoryloom Editor April 22, 2026

A cautionary tale illustrates why the person negotiating should never be involved with any part of the...

Hackers Use Lotus Wiper to Destroy Drives and Delete Files in Energy Sector Attack USNjournalbeingclearedusingIOCTLcontrolsSource-Securelist

USNjournalbeingclearedusingIOCTLcontrolsSource-Securelist

Hackers Use Lotus Wiper to Destroy Drives and Delete Files in Energy Sector Attack

Advisoryloom Editor April 22, 2026

A newly discovered malware called Lotus Wiper has been used in a targeted destructive attack against the...

Kyber ransomware gang toys with post-quantum encryption on Windows

Advisoryloom Editor April 22, 2026

A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with...

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Advisoryloom Editor April 22, 2026

Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to...

Microsoft Warns Jasper Sleet Uses Fake IT Worker Identities to Infiltrate Cloud Environments TimelineofeventsthroughtherecruitmentphasesSource-Microsoft

TimelineofeventsthroughtherecruitmentphasesSource-Microsoft

Microsoft Warns Jasper Sleet Uses Fake IT Worker Identities to Infiltrate Cloud Environments

Advisoryloom Editor April 22, 2026

A North Korea-linked threat group is quietly getting hired by real companies. Jasper Sleet, a threat actor...

Drupal core – Moderately critical – Gadget Chain – SA-CORE-2026-002

Advisoryloom Editor April 22, 2026

Project: Drupal core Date: 2026-April-15 Security risk: Moderately critical 14 ∕ 25 AC:Complex/A:Admin/CI:All/II:All/E:Theoretical/TD:Uncommon Vulnerability: Gadget Chain Affected versions: >=...

Drupal core – Moderately critical – Cross-site scripting – SA-CORE-2026-003

Advisoryloom Editor April 22, 2026

Project: Drupal core Date: 2026-April-15 Security risk: Moderately critical 13 ∕ 25 AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Default Vulnerability: Cross-site scripting Affected versions: >=...

CVE-2026-5845

Advisoryloom Editor April 22, 2026

High Severity Description An improper authorization vulnerability in scoped user-to-server (ghu_) token authorization in GitHub Enterprise Server...

CVE-2026-5921

Advisoryloom Editor April 22, 2026

Critical Severity Description A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed...