Hackers are exploiting unpatched Windows security flaws to hack organizations.

Hackers have breached at least one organization in the past two weeks using a Windows vulnerability disclosed online by a disgruntled security researcher, according to a cybersecurity firm.

Last Friday, cybersecurity firm Huntress said in a series of posts about

It is unclear who the target of this attack is and who the hackers are.

BlueHammer is the only bug among the three vulnerabilities that Microsoft has patched so far. A fix for BlueHammer was released earlier this week.

Hackers appear to be exploiting the bug using an exploit code released online by a security researcher.

Earlier this month, a researcher going by the name Chaotic Eclipse posted on their blog that the code exploited an unpatched vulnerability in Windows. The researcher cited conflict with Microsoft as the motivation for publishing the code.

“I’m not bluffing Microsoft, and I’m doing it again,” they wrote. “We are very grateful to the MSRC leadership for making this possible,” they added, referring to the Microsoft Security Response Center, a Microsoft team that investigates cyberattacks and handles vulnerability reports.


A few days later Chaotic Eclipse announced UnDefend and earlier this week RedSun. Researchers posted code that exploits all three vulnerabilities on a GitHub page.

All three vulnerabilities affect Windows Defender, the antivirus built by Microsoft, and could allow hackers to gain high-level or administrator access to affected Windows computers.

TechCrunch could not reach Chaotic Eclipse for comment.

In response to a series of specific questions, Ben Hoff, Microsoft’s director of communications, said in a statement that Microsoft “supports coordinated vulnerability disclosure, a widely adopted industry practice that helps us carefully investigate and resolve issues before they become public, supporting both the protection of our customers and the security research community.”

This is a case of what the cybersecurity industry calls “full disclosure.” Normally, when researchers find a flaw, they report it to the maker of the affected software so it can be fixed. The company typically acknowledges receipt and, if the vulnerability is legitimate, works to patch it. Often, the company and the researchers agree on a schedule that sets out when the researchers can publicly explain their findings.

Sometimes, for various reasons, that communication breaks down and researchers release details of the bug publicly. In some cases, to prove the existence or severity of a flaw, researchers go one step further and publish “proof of concept” code that can exploit the bug.

When that happens, cybercriminals, government hackers and others can take the code and use it in attacks, sending cybersecurity defenders rushing to deal with the damage.

John Hammond, one of the researchers at Huntress who has been tracking the incident, told TechCrunch, “Now that these capabilities are so readily available and already weaponized for easy use, it’s ultimately going to be another tug-of-war between defenders and cybercriminals, for better or for worse.”

“Scenarios like this put us in a race with our adversaries, with defenders trying desperately to protect against malicious actors who are quick to leverage these exploits, especially now that they are an off-the-shelf attacker tool,” Hammond said.