Hackers Exploit Unpatched Windows Vulnerabilities After Researcher Publishes Exploit Code

Hackers have broken into at least one organization using Windows vulnerabilities published online by a disgruntled security researcher over the last two weeks, according to cybersecurity firm Huntress. The attackers are exploiting three Windows security flaws dubbed BlueHammer, UnDefend, and RedSun.

BlueHammer is the only bug among the three that Microsoft has patched so far, with a fix rolled out earlier this week. The exploits target vulnerabilities in Windows Defender, allowing hackers to gain high-level or administrator access to affected Windows computers.

The exploits stem from a researcher going by Chaotic Eclipse, who published proof-of-concept code on GitHub following an apparent conflict with Microsoft's Security Response Center. The researcher cited frustration with Microsoft's handling of vulnerability reports as motivation for the public disclosure.

Microsoft said in a statement that it supports "coordinated vulnerability disclosure, a widely adopted industry practice that helps ensure issues are carefully investigated and addressed before public disclosure." The company has not commented on the specific vulnerabilities or the ongoing attacks.

Huntress researchers warn that the readily available exploit code has created a race between defenders and cybercriminals. "Scenarios like these cause us to race with our adversaries; defenders frantically try to protect against ill-intended actors who rapidly take advantage of these exploits," said John Hammond, a researcher at Huntress tracking the case.

Sources:
TechCrunch - Windows vulnerability exploitation report
Huntress Labs - X/Twitter thread on BlueHammer, UnDefend, RedSun
Microsoft Security Response Center - CVE-2026-33825 patch advisory