Hackers abuse unpatched Windows security flaws to hack organizations


Hackers have broken into at least one organization using Windows vulnerabilities published online by a disgruntled security researcher in the past two weeks, according to a cybersecurity firm.

On Friday, the cybersecurity company Huntress said in a series of X posts that its researchers found hackers exploiting three Windows security flaws, called BlueHammer, UnDefend, and RedSun.

It is not clear who the target of this attack is, or who the hackers are.

BlueHammer is the only one of the three exploitable vulnerabilities that Microsoft has patched to date. A fix for BlueHammer was rolled out earlier this week.

It appears that hackers exploited the bugs by using code published by security researchers online.

Earlier this month, a researcher going by the name Chaotic Eclipse published on their blog what they say is code to exploit an unpatched Windows vulnerability. The researcher points to a conflict with Microsoft as the motivation for publishing the code.

“I didn’t bluff Microsoft and I’m doing it again,” they wrote. “Many thanks to the leadership of the MSRC for making this possible,” they added, referring to Microsoft’s Security Response Center, the company’s group that investigates cyberattacks and handles reports of vulnerabilities.


Days later, Chaotic Eclipse published UnDefend, and then earlier this week RedSun. The researcher published the code to exploit all three vulnerabilities on their GitHub page.

All three vulnerabilities affect Windows Defender, Microsoft’s built-in antivirus, and allow a hacker to gain high-level or administrator access to an affected Windows computer.

TechCrunch could not reach Chaotic Eclipse for comment.

In response to a series of specific questions, Microsoft communications director Ben Hope said in a statement that the company supports “coordinated vulnerability disclosure, a widely adopted industry practice that helps ensure that issues are carefully investigated and addressed before public disclosure, supporting customer protection and the security research community.”

This is a case of what the cybersecurity industry calls “full disclosure.” When researchers find a bug, they can report it to the affected software maker to help get it fixed. The company usually acknowledges receipt and, if the vulnerability is legitimate, works to patch it. Usually, the company and the researchers agree on a timeline that establishes when the researchers can explain their findings to the public.

Sometimes, for various reasons, the communication breaks down and the researchers reveal the details of the bug to the public. In some cases, in part to prove the existence or severity of a bug, researchers go a step further and publish “proof of concept” code capable of exploiting it.

When that happens, cybercriminals, government hackers, and others can get hold of the code and use it for their attacks, prompting cybersecurity defenders to rush to address the fallout.

“With it being readily available now, and already being weaponized for easy use, for better or worse I think we’re finally setting up another game of tug-of-war between defenders and cybercriminals,” John Hammond, one of the Huntress researchers tracking the case, told TechCrunch.

“Scenarios like these cause us to race against our adversaries; defenders fear trying to defend against malicious actors who rapidly exploit these exploits…
