Three vulnerabilities in Windows Defender (BlueHammer, UnDefend, RedSun) are being actively exploited using leaked proof-of-concept code to gain administrative access on targeted devices. Microsoft has so far only remediated the BlueHammer vulnerability, leaving the others unpatched. The public availability of the exploit tooling has escalated the threat, requiring defenders to urgently apply available patches and implement other defensive measures while awaiting further fixes.
Vulnerability Management Trio of new Windows vulnerabilities under active exploitation April 20, 2026 Share By SC Staff TechCrunch reports that attacks weaponizing the Windows Defender security vulnerabilities BlueHammer, UnDefend, and RedSun which have had their proof-of-concept exploits leaked by security researcher Chaotic Eclipse after a dispute with Microsoft have already compromised at least one organization. Malicious actors have been leveraging the PoC exploits to obtain admin access on targeted Windows devices, noted Huntress in a series of posts on X. Microsoft, which has only remediated BlueHammer so far, emphasized support for coordinated vulnerability disclosure after Chaotic Eclipse hinted at conflict with the firm's Security Response Center. "With these being so easily available now, and already weaponized for easy use, for better or for worse, I think that ultimately puts us in another tug-of-war match between defenders and cybercriminals. Scenarios like these cause us to race with our adversaries; defenders frantically try to protect against ill-intended actors who rapidly take advantage of these exploits... especially now as it is just ready-made attacker tooling," said Huntress researcher John Hammond. SC Staff Related Vulnerability Management Attempted exploitation of vulnerability impacting EoL TP-Link routers discovered SC Staff April 20, 2026 Palo Alto Networks Unit 42 researchers have identified widespread attempts to exploit CVE-2023-33538, a vulnerability in several end-of-life TP-Link router models, reports Cybersecurity Dive. Vulnerability Management Critical RCE vulnerability in protobuf.js; Exploit code published SC Staff April 20, 2026 The vulnerability, tracked as GHSA-xq3m-2v4x-88gg, stems from unsafe dynamic code generation within protobuf.js. Security Operations Express website vulnerability exposed customer order details SC Staff April 20, 2026 The vulnerability allowed unauthorized access to order confirmation pages, revealing customer names, phone numbers, email addresses, postal and billing addresses, and details of purchased items. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Bug Buffer Overflow Disassembly You can skip this ad in 5 seconds