
Bluehammer

All articles tagged with #bluehammer

technology, 8 hours ago

GitHub bans vigilante Windows zero-day leaker over disclosed flaws

GitHub terminated the account of the anonymous security researcher Nightmare-Eclipse after they publicly disclosed unpatched Windows vulnerabilities; the researcher moved to GitLab and continued to publish exploits (BlueHammer, YellowKey) and threats. Microsoft says the disclosures violated coordinated vulnerability disclosure practices, and the community's reaction has been mixed.

security, 1 month ago

CISA Mandates Patch for BlueHammer Windows Flaw in Two Weeks

CISA has ordered U.S. federal agencies to patch CVE-2026-33825, a Microsoft Defender privilege-escalation flaw nicknamed BlueHammer that was exploited as a zero-day before Microsoft released a fix on April 14. Agencies have two weeks (until May 7) to secure Windows systems, with CISA warning of ongoing exploitation and advising mitigations or product discontinuation if fixes aren’t available. The report also notes related flaws (RedSun, UnDefend) disclosed by Chaotic Eclipse and evidence of active intrusion including hands-on-keyboard activity and suspicious FortiGate VPN activity tied to Russia. CISA added the flaw to the Known Exploited Vulnerabilities catalog and highlighted broader risks from similar Windows zero-days.

cyber-security, 1 month ago

Nightmare-Eclipse Privilege Tools Breach FortiGate SSL VPN in the Wild

Attackers used publicly released Nightmare-Eclipse privilege-escalation tools—BlueHammer, RedSun, and UnDefend—after compromising a FortiGate SSL VPN, marking the first in-the-wild use against a live enterprise. BlueHammer has been patched via CVE-2026-33825; RedSun and UnDefend remain unpatched zero-days. BeigeBurrow served as a covert C2. The intrusion involved VPN logins from Russia and other countries, with binary artifacts including FunnyApp.exe, RedSun.exe, undef.exe, and the BeigeBurrow domain staybud.dpdns.org. Mitigations include applying the April 2026 patch, scanning for artifacts in user-writable paths, reviewing VPN authentication logs for multi-country access, blocking agent.exe -server -hide, and applying the published YARA rule to detect BeigeBurrow.

computing, 1 month ago

Disgruntled researcher leaks Defender zero-days, leaving Windows users exposed

A disgruntled security researcher leaked three Microsoft Defender zero-days—BlueHammer, RedSun and UnDefend—exposing over a billion Windows users; BlueHammer has been patched in the April 2026 updates, while RedSun and UnDefend remain unpatched but are already being exploited in the wild. Users should install the April 2026 security updates now and monitor for future patches, with additional antivirus protection to bolster defenses.