430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Microsoft Defender under attack as three zero-days, two of them still unpatched, enable elevated access

Attackers exploit three Microsoft Defender zero-days, code-named BlueHammer, RedSun, and UnDefend, to gain elevated access. Attackers are exploiting three recently disclosed zero-day flaws in Microsoft Defender to gain higher privileges on compromised systems. The vulnerabilities, called BlueHammer, RedSun, and UnDefend, were revealed by a researcher known as Chaotic Eclipse after criticizing Microsoft’s handling of the […]

Microsoft Zero-Day

Attackers exploit three Microsoft Defender zero-days, code-named BlueHammer, RedSun, and UnDefend, to gain elevated access.

Attackers are exploiting three recently disclosed zero-day flaws in Microsoft Defender to gain higher privileges on compromised systems. The vulnerabilities, called BlueHammer, RedSun, and UnDefend, were revealed by a researcher known as Chaotic Eclipse after criticizing Microsoft’s handling of the disclosure.

Chaotic Eclipse also published proof-of-concept code for the unpatched Windows bug.

BlueHammer and RedSun let attackers escalate privileges locally in Microsoft Defender. UnDefend instead triggers a denial-of-service, blocking security definition updates and weakening protection.

At this time, Microsoft has only fixed the BlueHammer flaw, tracked as CVE-2026-33825, but the others remain unpatched.

Huntress researchers reported attackers are exploiting the three Windows flaws to target systems, though the victims and attackers remain unknown.

Huntress said it saw real-world exploitation of all three flaws. Attackers used BlueHammer starting April 10, 2026, then followed with RedSun and UnDefend proof-of-concept exploits on April 16.

Researchers believe attackers are using public exploit code released online by Chaotic Eclipse.

When exploit code becomes publicly available, threat actors can quickly weaponize it in attacks in the wild.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Microsoft defender)