Nightmare-Eclipse Privilege Tools Breach FortiGate SSL VPN in the Wild

Attackers used publicly released Nightmare-Eclipse privilege-escalation tools—BlueHammer, RedSun, and UnDefend—after compromising a FortiGate SSL VPN, marking the first in-the-wild use against a live enterprise. BlueHammer has been patched via CVE-2026-33825; RedSun and UnDefend remain unpatched zero-days. BeigeBurrow served as a covert C2. The intrusion involved VPN logins from Russia and other countries, with binary artifacts including FunnyApp.exe, RedSun.exe, undef.exe, and the BeigeBurrow domain staybud.dpdns.org. Mitigations include applying the April 2026 patch, scanning for artifacts in user-writable paths, reviewing VPN authentication logs for multi-country access, blocking agent.exe -server -hide, and applying the published YARA rule to detect BeigeBurrow.
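The following script is an added example, not code from the article or from any of the outlets cited below; it turns the mitigation list above into three concrete checks: per-user VPN logins from more than one country inside a time window, filenames matching the named binaries (FunnyApp.exe, RedSun.exe, undef.exe) in collected file listings, and process command lines matching the blocked `agent.exe -server -hide` pattern. The log format is a constructed, simplified key=value layout that already carries a `country` field; real FortiGate event logs would need their own field mapping and a GeoIP enrichment step first.

```python
"""Triage helpers for the indicators in the summary above (added example).

Assumptions (not from the article): VPN log lines are simplified key=value
records with a pre-enriched country field; file paths and command lines are
collected by whatever EDR or inventory tool is already in place.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Indicators as listed in the summary.
ARTIFACT_NAMES = {"funnyapp.exe", "redsun.exe", "undef.exe"}
C2_DOMAIN = "staybud.dpdns.org"

# Constructed sample log lines (not real FortiGate output).
SAMPLE_VPN_LOG = """\
date=2026-04-09 time=21:02:11 user="jdoe" remip=198.51.100.7 country="US" action="tunnel-up"
date=2026-04-09 time=21:40:52 user="jdoe" remip=203.0.113.9 country="RU" action="tunnel-up"
date=2026-04-10 time=06:15:03 user="asmith" remip=198.51.100.22 country="US" action="tunnel-up"
date=2026-04-10 time=07:01:44 user="jdoe" remip=192.0.2.77 country="DE" action="tunnel-up"
date=2026-04-10 time=09:30:00 user="asmith" remip=198.51.100.23 country="US" action="tunnel-up"
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split one key=value record into a dict and attach a parsed timestamp."""
    fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    fields["ts"] = datetime.strptime(
        fields["date"] + " " + fields["time"], "%Y-%m-%d %H:%M:%S"
    )
    return fields


def multi_country_users(log_text, window_hours=24):
    """Return {user: sorted list of countries} for every user whose successful
    logins (action=tunnel-up) span more than one country within window_hours."""
    window = timedelta(hours=window_hours)
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        f = parse_line(line)
        if f.get("action") == "tunnel-up":
            events[f["user"]].append((f["ts"], f["country"]))

    flagged = {}
    for user, evs in events.items():
        evs.sort()
        # Slide a window starting at each login; flag on the first multi-country hit.
        for i, (t0, _) in enumerate(evs):
            countries = {c for t, c in evs[i:] if t - t0 <= window}
            if len(countries) > 1:
                flagged[user] = sorted(countries)
                break
    return flagged


def suspicious_artifacts(paths):
    """Return the paths whose file name matches one of the named binaries.
    The summary points at user-writable locations as the places to scan, but
    a name match anywhere is worth a look, so no path filter is applied."""
    return [p for p in paths if PureWindowsPath(p.lower()).name in ARTIFACT_NAMES]


def is_blocked_commandline(cmdline):
    """True when a process command line runs agent.exe with both -server and
    -hide, in any argument order; this is the pattern the summary says to block."""
    tokens = [t.strip('"') for t in cmdline.lower().split()]
    runs_agent = any(t.endswith("agent.exe") for t in tokens)
    return runs_agent and "-server" in tokens and "-hide" in tokens


if __name__ == "__main__":
    print("multi-country VPN users:", multi_country_users(SAMPLE_VPN_LOG))
    # Constructed file listing from a hypothetical host.
    listing = [
        r"C:\Users\jdoe\AppData\Local\Temp\RedSun.exe",
        r"C:\Windows\System32\notepad.exe",
        r"C:\ProgramData\undef.exe",
    ]
    print("artifact hits:", suspicious_artifacts(listing))
    print("blocked cmdline:", is_blocked_commandline(
        r"C:\Users\jdoe\AppData\Local\Temp\agent.exe -server -hide"))
```

Feed `multi_country_users` the full authentication history for the lookback period rather than a single day, since the 24-hour window only catches country changes that fall inside it; lower `window_hours` to surface the fastest-moving sessions first.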
Related coverage:
- Hackers Use Nightmare-Eclipse Tools After Compromising FortiGate SSL VPN Access (CyberSecurityNews)
- Unpatched Microsoft Defender Flaw Lets Hackers Gain Admin Access on Windows (extremetech.com)
- Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched (The Hacker News)
- Exploits Turn Windows Defender into Attacker Tool (Dark Reading)
- Hackers are abusing unpatched Windows security flaws to hack into organizations (TechCrunch)