
Hackers Exploit Windows Defender Flaws Using Public Code


Attackers have begun exploiting newly disclosed Windows vulnerabilities using publicly available proof-of-concept code. A report from Huntress confirms that at least one organization has already been targeted.

The attacks are linked to three flaws named BlueHammer, UnDefend, and RedSun. All three affect Windows Defender and can be used to elevate privileges on a compromised machine to administrator level.

Only one of the three, BlueHammer, has been patched: Microsoft released a fix earlier this week. UnDefend and RedSun remain unpatched at the time of writing.

According to Huntress, the attackers are reusing exploit code published online by a security researcher known as Chaotic Eclipse, who released proof-of-concept code for all three vulnerabilities on their blog and GitHub.

The researcher hinted that a dispute with Microsoft was the reason for going public; one of the posts directly addressed the Microsoft Security Response Center (MSRC).

Huntress researchers observed live attack activity using these exploits. In one case, malicious executables were dropped into a user's profile folders, including Pictures and Downloads, under names such as "FunnyApp.exe" and "RedSun.exe", matching the file names used in the published proof-of-concept code.

One attempt using BlueHammer was detected and blocked by Windows Defender on April 10. Another attempt, using RedSun, was seen on April 16; that exploit triggers a Defender test alert as part of its technique, which is how the activity surfaced.
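The indicators above (named executables in users' Pictures and Downloads folders, plus a Defender detection for a blocked attempt) can be checked across a Windows host with a short hunt. The following PowerShell is an added example for this article, not code from Huntress, Microsoft or the researcher; the file names and folders come from the report, while the 30-day lookback and the use of Defender event IDs 1116 (malware detected) and 1117 (action taken) are the author's assumptions about what a defender would look for.

```powershell
# Added hunt example. Assumptions: run as an administrator on the host being
# checked; file names are the ones reported in the article (extend with your own
# IOCs); 30-day lookback is arbitrary.
$SuspectNames = @('FunnyApp.exe', 'RedSun.exe')   # names reported by Huntress
$Folders      = @('Pictures', 'Downloads')        # user folders reported by Huntress
$Since        = (Get-Date).AddDays(-30)           # assumption: 30-day window

# 1. Look for the named binaries under every local user profile and record a
#    hash, since a file-name match alone is weak evidence.
$UserDirs = Get-ChildItem -Path "$env:SystemDrive\Users" -Directory -ErrorAction SilentlyContinue
foreach ($UserDir in $UserDirs) {
    foreach ($Folder in $Folders) {
        $Path = Join-Path $UserDir.FullName $Folder
        if (-not (Test-Path -Path $Path)) { continue }
        Get-ChildItem -Path $Path -Recurse -File -Filter '*.exe' -ErrorAction SilentlyContinue |
            Where-Object { $SuspectNames -contains $_.Name } |
            ForEach-Object {
                [pscustomobject]@{
                    User    = $UserDir.Name
                    Path    = $_.FullName
                    Created = $_.CreationTime
                    SHA256  = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                }
            }
    }
}

# 2. Pull Defender detections in the window (1116 = detected, 1117 = action
#    taken) so a blocked attempt like the April 10 BlueHammer case is visible
#    even if the dropped file has since been removed.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1116, 1117
    StartTime = $Since
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }

# 3. Report the Defender platform, engine and signature versions so they can be
#    compared against Microsoft's guidance for the BlueHammer fix.
Get-MpComputerStatus |
    Select-Object AMProductVersion, AMEngineVersion, AntivirusSignatureVersion, AntivirusSignatureLastUpdated
```

Run it from an elevated PowerShell session; the first block prints any matching files with their hashes, the second lists recent Defender detections, and the third gives the version data you need to confirm the patched build is in place. A hit on file name alone should be treated as a lead to investigate, not confirmation of compromise.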

It is still not clear who is behind these attacks or which organizations are being targeted. The availability of working public exploit code lowers the bar considerably, since anyone can reuse it without developing an exploit of their own.

The case illustrates a recurring problem: when exploit code is released before patches are ready, attackers get a ready-made path to real-world attacks, and vendors such as Microsoft are put under pressure to respond quickly. With only BlueHammer fixed, systems remain exposed to UnDefend and RedSun until further patches arrive.

Users and organizations should apply the available update, watch for the file names and locations described above, and avoid running unknown executables, especially ones obtained from untrusted sources.


About the Author: Deepanker Verma

Deepanker Verma is the Founder and Editor-in-Chief of TechloMedia. He holds an engineering degree in Computer Science and has over 15 years of experience in the technology sector. Deepanker bridges the gap between complex engineering and consumer electronics. He is also a known security researcher acknowledged by global companies including Apple, Microsoft, and eBay. He uses his technical background to rigorously test gadgets, focusing on performance, security, and long-term value.
