Hackers have breached at least one organization in 2026 using Windows vulnerabilities that were publicly disclosed by a disgruntled security researcher, cybersecurity firm Huntress reported Friday on social media platform X.
The attacks exploit three security flaws in Windows Defender—dubbed BlueHammer, UnDefend, and RedSun—that allow hackers to gain administrator-level access to affected Windows computers. All three vulnerabilities were published with working exploit code by a researcher known as Chaotic Eclipse over the past two weeks.
Only BlueHammer has been patched by Microsoft so far, with a fix released earlier this week. The other two vulnerabilities remain unpatched, leaving systems vulnerable to attack.
The researcher published the exploits following what appears to be a conflict with Microsoft’s Security Response Center. “I was not bluffing Microsoft and I’m doing it again,” Chaotic Eclipse wrote on their blog. “Huge thanks to MSRC leadership for making this possible,” they added sarcastically. The researcher published exploit code for all three vulnerabilities on their GitHub page.
The incident represents a breakdown in “coordinated vulnerability disclosure,” the industry-standard practice where researchers privately report flaws to software makers before public disclosure. Microsoft stated the company supports this approach “to ensure issues are carefully investigated and addressed before public disclosure.”
The public availability of ready-to-use exploit code has created an urgent security crisis. “With these being so easily available now, and already weaponized for easy use, I think that ultimately puts us in another tug-of-war match between defenders and cybercriminals,” said John Hammond, a Huntress researcher tracking the case. “Defenders frantically try to protect against ill-intended actors who rapidly take advantage of these exploits.”
The identity of the attacked organization and the hackers remains unknown.
Source: TechCrunch