Hackers are exploiting unpatched Windows security flaws to break into organizations


Hackers have infiltrated at least one organization over the past two weeks using Windows vulnerabilities posted online by a disgruntled security researcher, according to a cybersecurity firm.

Cybersecurity company Huntress reported on Friday, in a series of posts on X, that its researchers found hackers using three Windows security flaws: BlueHammer, UnDefend, and RedSun.

It is not clear who the target of this attack was or who the hackers are.

BlueHammer is the only one of the three vulnerabilities that Microsoft has patched so far. A fix for BlueHammer was released earlier this week.

Hackers appear to be exploiting the bugs using exploit code that a security researcher posted online.

A researcher going by the name Chaotic Eclipse published code on their blog earlier this month to exploit what they said was an unpatched vulnerability in Windows. The researcher pointed to a conflict with Microsoft as the motive for publishing the code.

“I wasn’t bluffing Microsoft, and I still do,” they wrote. “A big thank you to MSRC for making this possible,” they added, referring to Microsoft’s Security Response Center, the company’s team that investigates cyberattacks and manages vulnerability reports.


Days later, Chaotic Eclipse published UnDefend, and then RedSun earlier this week. The researcher published code to exploit all three flaws on a GitHub page.

All three vulnerabilities affect Microsoft’s Windows Defender antivirus, allowing a hacker to gain elevated or administrator access to an affected Windows computer.

TechCrunch could not reach Chaotic Eclipse for comment.

In response to a series of specific questions, Microsoft communications director Ben Hope said in a statement that the company supports “coordinated vulnerability disclosure, a widely accepted industry practice that helps ensure that issues are carefully investigated and resolved before they are publicly disclosed, helping to support both customer protection and the security research community.”

This is what the cybersecurity industry calls “full disclosure.” When researchers find a flaw, they can report it to the maker of the affected software so it can be fixed. The company usually acknowledges receipt of the report, and if the vulnerability is legitimate, it works to patch it. Often, the company and the researchers agree on a timeline that defines when the researcher can release their findings.

Sometimes, for various reasons, this communication breaks down, and researchers make the details of the flaw public. In some cases, to prove the existence or severity of a particular flaw, researchers go a step further and publish “proof-of-concept” code that can exploit it.

When this happens, cybercriminals, government hackers and others can take the code and use it in their own attacks, leaving defenders scrambling to contain the damage.

John Hammond, one of the researchers at Huntress, told TechCrunch: “The fact that these are now so readily available and already weaponized for easy use, for better or for worse, I think ultimately puts us in another tug-of-war game between defenders and cybercriminals.”

“Scenarios like these have us competing with our adversaries; defenders are scrambling to protect against malicious actors who quickly take advantage of these exploits … especially now that they are a ready tool for an attacker,” Hammond said.
