
Hackers are exploiting undocumented Windows security flaws to attack organizations


Hackers have broken into an organization by exploiting Windows vulnerabilities that a disgruntled security researcher published online over the past two weeks, according to a cybersecurity firm.

On Friday, cybersecurity company Huntress said in a series of posts on X that its researchers have seen hackers taking advantage of three Windows security flaws, called BlueHammer, UnDefend, and RedSun.

It is unclear who the target is, or who is behind the hacking.

BlueHammer is the only one of the three bugs that Microsoft has patched so far. The BlueHammer fix was released earlier this week.

The hackers appear to be exploiting the bug using code that a security researcher published online.

Earlier this month, a researcher who goes by Chaotic Eclipse published on their blog what they said was code to exploit a vulnerability in Windows. The researcher pointed to a dispute with Microsoft as the reason for releasing the code.

“I was not bluffing Microsoft and I will do it again,” he wrote. “Thank you to the MSRC leadership for making this happen,” he added, referring to Microsoft’s Security Response Center, the company unit that investigates cyberattacks and handles vulnerability reports.


Days later, Chaotic Eclipse published UnDefend, and earlier this week published RedSun. The researcher posted exploit code for all three bugs on their own GitHub page.

All three vulnerabilities affect Microsoft Defender, the antivirus built into Windows, and allow an attacker to gain elevated or administrator privileges on an affected Windows computer.

TechCrunch could not reach Chaotic Eclipse for comment.

In response to several questions, Microsoft director Ben Hope said that the company supports “threat disclosure, a widely used process that helps ensure that issues are carefully investigated and addressed before disclosure, to support customer security and the security research team.”

This is what the cybersecurity industry calls “full disclosure.” When researchers find a bug, they can report it to the affected developer so that it can be fixed. The company typically acknowledges the report and, if the vulnerability is confirmed, works to address it. In most cases, the company and the researcher agree on a time frame for when the researcher can publicly disclose their findings.

Sometimes, for a variety of reasons, communication breaks down and researchers disclose the bug publicly. Sometimes, in part to prove the existence or severity of the bug, researchers go further and publish a “proof of concept” that can exploit it.

When this happens, cybercriminals, state-backed hackers, and others can take the code and use it in an attack, prompting defenders to rush to deal with the problem.

“It’s readily available here, and the tools are already ready to be used, for better or for worse, I think it puts us in another war game between defenders and cybercriminals,” John Hammond, one of the researchers at Huntress who has been following the story, told TechCrunch.

“Things like this put us on a collision course with our enemies; activists try to protect against wrongdoers who take advantage of these protests…


