
"The vulnerability, tracked as CVE-2026-33825, has a CVSS score of 7.8 and is described as an elevation of privilege bug due to insufficient access control granularity."
"BlueHammer exploits a time-of-check to time-of-use (TOCTOU) flaw in Defender's signature update mechanism, allowing low-privileged attackers to gain System permissions."
"Huntress identified suspicious FortiGate SSL VPN access linked to the compromised environment, with a source IP geolocated to Russia and additional suspicious infrastructure in other regions."
A zero-day vulnerability in Microsoft Defender, identified as CVE-2026-33825, has been exploited using publicly available proof-of-concept code. Patched on April 14, the flaw, named BlueHammer, allows attackers with low privileges to gain System permissions through a race condition in the signature update mechanism. The vulnerability was disclosed by a researcher known as Chaotic Eclipse, who published exploit code on GitHub. Initial attacks leveraging this exploit were observed shortly after its public release, with additional suspicious activity linked to compromised environments.
Read at SecurityWeek