\n<\/p>\n
Hackers have broken into at least one organization using Windows vulnerabilities published online by a disgruntled security researcher over the last two weeks, according to a cybersecurity firm.<\/p>\n
On Friday, cybersecurity company Huntress said in a series of posts on X<\/a> that its researchers have seen hackers taking advantage of three Windows security flaws, dubbed BlueHammer, UnDefend, and RedSun.\u00a0<\/p>\n It\u2019s unclear who the target of this attack is, and who the hackers are.<\/p>\n BlueHammer is the only bug among the three vulnerabilities being exploited that Microsoft has patched<\/a> so far. A fix for BlueHammer was rolled out earlier this week.\u00a0<\/p>\n It appears that the hackers are exploiting the bugs by using exploit code that the security researcher published online.\u00a0<\/p>\n Earlier this month, a researcher who goes by Chaotic Eclipse published on their blog<\/a> what they said was code to exploit an unpatched vulnerability in Windows. The researcher alluded to some conflict with Microsoft as the motivation behind publishing the code.\u00a0<\/p>\n \u201cI was not bluffing Microsoft and I\u2019m doing it again,\u201d they wrote<\/a>. \u201cHuge thanks to MSRC leadership for making this possible,\u201d they added, referring to Microsoft\u2019s Security Response Center, the company\u2019s team that investigates cyberattacks and handles reports of vulnerabilities.<\/p>\n Techcrunch event<\/p>\n \n\t\t\t\t\t\t\t\t\tSan Francisco, CA<\/span> Days later, Chaotic Eclipse<\/a> published UnDefend, and then earlier this week published RedSun. The researcher published code to exploit all three vulnerabilities on their GitHub page<\/a>.\u00a0<\/p>\n All three vulnerabilities affect the Microsoft-made antivirus Windows Defender, allowing a hacker to gain high-level or administrator access to an affected Windows computer.<\/p>\n TechCunch could not reach Chaotic Eclipse for comment. <\/p>\n In response to a series of specific questions, Microsoft\u2019s communications director Ben Hope said in a statement that the company supports \u201ccoordinated vulnerability disclosure, a widely adopted industry practice that helps ensure issues are carefully investigated and addressed before public disclosure, supporting both customer protection and the security research community.\u201d<\/p>\n This is a case of what the cybersecurity industry calls \u201cfull disclosure.\u201d When researchers find a flaw, they can report it to the affected software maker to help them fix it. At that point, usually the company acknowledges receipt, and if the vulnerability is legitimate, the company works to patch it. Often, the company and researchers agree on a timeline that establishes when the researcher can publicly explain their findings.\u00a0<\/p>\n Sometimes, for a variety of reasons, that communication breaks down and researchers publicly disclose details of the bug. In some cases, in part to prove the existence or severity of a flaw, researchers go a step further and publish \u201cproof-of concept\u201d code capable of abusing that bug.<\/p>\n When that happens, cybercriminals, government hackers, and others can then take the code and use it for their attacks, which prompts cybersecurity defenders to rush to deal with the fallout.\u00a0<\/p>\n \u201cWith these being so easily available now, and already weaponized for easy use, for better or for worse I think that ultimately puts us in another tug-of-war match between defenders and cybercriminals,\u201d John Hammond, one of the researchers at Huntress who has been tracking the case, told TechCrunch.\u00a0<\/p>\n \u201cScenarios like these cause us to race with our adversaries; defenders frantically try to protect against ill-intended actors who rapidly take advantage of these exploits\u2026 especially now as it is just ready-made attacker tooling,\u201d said Hammond.<\/p>\n<\/div>\n
\n\t\t\t\t\t\t\t\t\t\t\t\t\t|<\/span>
\n\t\t\t\t\t\t\t\t\t\t\t\t\tOctober 13-15, 2026<\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/div>\n