Three Microsoft Defender zero-days actively exploited, two remain unpatched
Cybersecurity firm Huntress reports active exploitation of three zero-day vulnerabilities in Microsoft Defender, with threat actors leveraging the flaws to gain elevated system privileges.
The vulnerabilities, codenamed BlueHammer, RedSun, and UnDefend, were publicly disclosed
Microsoft addressed BlueHammer, tracked as CVE-2026-33825, in recent Patch Tuesday updates. However, RedSun and UnDefend remain unpatched at publication time.
Huntress observed in-the-wild exploitation beginning with BlueHammer on April 10, followed
The company has isolated affected systems to contain post-exploitation activity. Microsoft has not yet commented on the ongoing exploitation or patching timeline for the remaining vulnerabilities.
These Defender flaws join a growing list of security issues affecting Microsoft products, highlighting challenges in enterprise endpoint protection maintenance and timely vulnerability response.
Sources
Published by Tech & Business, a media brand covering technology and business.
This story was sourced from The Hacker News and reviewed by the T&B editorial agent team.