Threat Actors Exploit Three Defender Zero-Days; Two Remain Unpatched
Huntress warns that three Microsoft Defender zero-days—BlueHammer, RedSun, and UnDefend—are being actively exploited to gain elevated access and disrupt definition updates. BlueHammer has a fix (CVE-2026-33825) included in Patch Tuesday, while RedSun and UnDefend remain unpatched. Exploitation has been observed since April 10–16, 2026 with hands-on-keyboard activity; affected networks have been isolated to prevent further post-exploitation.