Wednesday , July 15 2026

Recently leaked Windows 0-Day flaw exploited in attacks

Threat actors are exploiting 3 new Windows security flaws in their attacks to get SYSTEM or higher administrator access. Since the beginning of the month, a security expert called “Chaotic Eclipse” or “Nightmare-Eclipse” has shared proof-of-concept exploit code for all three security problems.

Two of the flaws, called BlueHammer and RedSun, are in Microsoft Defender that let a user gain more privileges. The third one, named UnDefend, lets a regular user stop updates for Microsoft Defender.

Microsoft Patch Tuesday July-2026 fixes 570 flaws, 3 zero-days

Microsoft's Patch Tuesday in July 2026 fixes around 570 security flaws in its products. This comes after June's big update,...
Read More
Microsoft Patch Tuesday July-2026 fixes 570 flaws, 3 zero-days

Fortinet Patches 7 Flaws In FortiOS, FortiProxy, FortiPAM, and FortiSandbox

Fortinet fixes seven new security warnings on July 14, 2026. These affect FortiOS, FortiProxy, FortiPAM, and FortiSandbox. The issues vary...
Read More
Fortinet Patches 7 Flaws In FortiOS, FortiProxy, FortiPAM, and FortiSandbox

CISA warns Cisco IOS flaw, while VMware flaw allows bypassing authentication

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that hackers are using CVE-2008-4128, a CSRF flaw in Cisco...
Read More
CISA warns Cisco IOS flaw, while VMware flaw allows bypassing authentication

Meta’s louisiana data center to exceed 250 billion price tag

Meta announced on Monday that its data center in Richland Parish, Louisiana, will grow to 5 gigawatts of computing power....
Read More
Meta’s louisiana data center to exceed 250 billion price tag

Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Global ransomware attacks stayed very high in the first seven months of 2026. There were 5,064 confirmed victims in 135...
Read More
Ransomware Crisis in 2026: 5,064 Organizations Affected in 135 Countries

Palo Alto Networks Addresses 13 Vulnerabilities

Palo Alto Networks shared warnings on Wednesday about over twelve security issues in its products. The new warnings include 13 security...
Read More
Palo Alto Networks Addresses 13 Vulnerabilities

Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

A critical flaw with how Dell saves BIOS passwords lets anyone quickly recover these passwords from a flash dump without...
Read More
Critical Dell BIOS & Zimbra Flaws Expose Enterprise Systems

CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

CoLoCity is proud to launch a new Data Center in Gulshan-2. It is designed to meet the growing demand for...
Read More
CoLoCity Launches New 1.0 MW Data Center Facility at Gulshan

Daily Cyber security update for 10. 07. 2026

Cyberattacks are rising around the world, including ransomware, malware, data leaks, and hacked websites. These events show how complex and...
Read More
Daily Cyber security update for 10. 07. 2026

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to go from first access to...
Read More
How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

At the time of the leak, the security flaws these exploits targeted were considered zero-days by Microsoft’s definition, since they had no official patches or updates to address them.

Huntress Labs security researchers saw all three zero-day exploits being used in real life on Thursday. The BlueHammer flaw has been used since April 10.

They also spotted UnDefend and RedSun exploits on a Windows device that was breached using a compromised SSLVPN user, in attacks showing evidence of “hands-on-keyboard threat actor activity.”

“The Huntress SOC is observing the use of Nightmare-Eclipse’s BlueHammer, RedSun, and UnDefend exploitation techniques,” the researchers said.

Huntress Labs tweet

Patch Status and Mitigations:

Microsoft patched CVE-2026-33825 (BlueHammer) in the April 2026 Patch Tuesday update cycle. However, RedSun and UnDefend remain unpatched as of this writing, leaving millions of Windows systems at ongoing risk.
Security teams should immediately:
Apply all April 2026 Windows security updates
Monitor for unsigned executables in user-writable directories (Pictures, Downloads subfolders)
Alert on EICAR test file drops by non-administrative processes
Hunt for whoami /priv, cmdkey /list, and net group execution chains in endpoint telemetry
Enforce least-privilege principles to limit local access vectors required for exploitation.

Attackers can use the RedSun exploit to get SYSTEM privileges on Windows 10, Windows 11, and Windows Server 2019 and newer. This can happen when Windows Defender is on, even after the April Patch Tuesday updates.

“When Windows Defender realizes that a malicious file has a cloud tag, for whatever stupid and hilarious reason, the antivirus that’s supposed to protect decides that it is a good idea to just rewrite the file it found again to it’s original location,” the researcher explained. “The PoC abuses this behaviour to overwrite system files and gain administrative privileges.”

“Microsoft has a customer commitment to investigate reported security issues and update impacted devices to protect customers as soon as possible,” a Microsoft spokesperson told Bleeping Computer earlier this week when contacted for more information on the disclosure issues reported by the anonymous researcher.

“We also support coordinated vulnerability disclosure, a widely adopted industry practice that helps ensure issues are carefully investigated and addressed before public disclosure, supporting both customer protection and the security research community.”

Check Also

aws

How Hacker Compromise AWS Cloud Environment Using AI in 72 Hours

A major AWS attack shows how attackers with AI can connect known cloud strategies to …