Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires GitHub sign-in), RedSun, and

⚡

Key Insights

10 AI-generated analytical points · Not copied from source

info@thehackernews.com (The Hacker News)

📅 Apr 17, 2026·⏱ 1 min read·The Hacker News ↗

✈️ Telegram 𝕏 Tweet WhatsApp

📡

Original Source

The Hacker News

https://thehackernews.com/2026/04/three-microsoft-defender-zero-days.html

Read Full ↗

Deep Analysis

Original editorial research · AiFeed24 Intelligence Desk

✦ AiFeed24 Original

Multi-Source Intelligence

AI-synthesized from 5-10 independent sources

Fact Check

Multi-source verification

Tags:#security #the-hacker-news

Found this useful? Share it!

✈️ Telegram 𝕏 Tweet WhatsApp

Read the Full Story

Continue reading on The Hacker News

Visit The Hacker News ↗

Deep Analysis

Original editorial research · AiFeed24 Intelligence Desk

✦ AiFeed24 Original

Multi-Source Intelligence

AI-synthesized from 5-10 independent sources

Fact Check

Multi-source verification

Tags:#security #the-hacker-news

Found this useful? Share it!

✈️ Telegram 𝕏 Tweet WhatsApp

Read the Full Story

Continue reading on The Hacker News

Visit The Hacker News ↗

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Deep Analysis

Multi-Source Intelligence

Fact Check

Related Stories

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims

6-Year Ransomware Campaign Targets Turkish Homes & SMBs

Microsoft's Original Windows Secure Boot Certificate Is Expiring

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Deep Analysis

Multi-Source Intelligence

Fact Check

Related Stories

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims

6-Year Ransomware Campaign Targets Turkish Homes & SMBs

Microsoft's Original Windows Secure Boot Certificate Is Expiring

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Deep Analysis

Multi-Source Intelligence

Fact Check

Related Stories

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims

6-Year Ransomware Campaign Targets Turkish Homes &amp; SMBs

Microsoft's Original Windows Secure Boot Certificate Is Expiring

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Deep Analysis

Multi-Source Intelligence

Fact Check

Related Stories

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims

6-Year Ransomware Campaign Targets Turkish Homes &amp; SMBs

Microsoft's Original Windows Secure Boot Certificate Is Expiring

6-Year Ransomware Campaign Targets Turkish Homes & SMBs

6-Year Ransomware Campaign Targets Turkish Homes & SMBs