Hackers are abusing unpatched Windows security flaws to hack into organizations [View all]

Source: TechCrunch

Hackers have broken into at least one organization using Windows vulnerabilities published online by a disgruntled security researcher over the last two weeks, according to a cybersecurity firm.

On Friday, cybersecurity company Huntress said in a series of posts on X that its researchers have seen hackers taking advantage of three Windows security flaws, dubbed BlueHammer, UnDefend, and RedSun.

-snip-

Earlier this month, a researcher who goes by Chaotic Eclipse published on their blog what they said was code to exploit an unpatched vulnerability in Windows. The researcher alluded to some conflict with Microsoft as the motivation behind publishing the code.

“I was not bluffing Microsoft and I’m doing it again,” they wrote. “Huge thanks to MSRC leadership for making this possible,” they added, referring to Microsoft’s Security Response Center, the company’s team that investigates cyberattacks and handles reports of vulnerabilities.

-snip-



Read more: https://techcrunch.com/2026/04/17/hackers-are-abusing-unpatched-windows-security-flaws-to-hack-into-organizations/

---

TechCrunch links to that researcher's blog, where earlier posts said Microsoft had violated an agreement with them, threatened to ruin them and had succeeded in leaving them homeless. The magazine has not been able to reach the researcher for comment.

These unpatched vulnerabilities let a hacker gain high-level or administrative access to a Windows computer.