BlueHammer Microsoft Defender Vulnerability Exploited in Ransomware Campaigns
CVE-2026-33825 in Microsoft Defender, disclosed by researcher Chaotic Eclipse, is being leveraged in active ransomware attacks despite patch availability since April 14.
Attack Brief
Target: Microsoft Defender
Vector: Privilege escalation via authenticated exploitation of CVE-2026-33825
Attribution: Unattributed ransomware group; vulnerability disclosed by researcher Chaotic Eclipse / Nightmare Eclipse
Technical Details
CVE IDs: CVE-2026-33825
Affected: Microsoft Defender; authenticated attacker required for exploitation
Impact
Confirmed Damage: Ransomware campaigns leveraging CVE-2026-33825; specific ransomware group identity unknown
Mitigation
Patches: Microsoft released patches on April 14, 2026
Context
Previous Campaigns: CVE-2026-33825 was exploited as a zero-day before patch release; Huntress observed pre-patch exploitation
Similar Attacks: BlueHammer is one of several exploits disclosed by the Chaotic Eclipse / Nightmare Eclipse researcher due to dissatisfaction with Microsoft's vulnerability handling