The post The Compliance Trap: How a 13,000-Org Phishing Wave Bypasses MFA via AiTM Proxying appeared first on Daily CyberSecurity.

The post Microsoft Defender Flaw Erased DigiCert Root Certificates and Paralyzed Windows Systems appeared first on Daily CyberSecurity.

Microsoft fixed a Defender false positive that flagged legitimate DigiCert certificates as malware, disrupting Windows trust stores for some IT teams.

The post Microsoft Defender Bug Triggers False Malware Alerts for DigiCert Certificates appeared first on TechRepublic.

What happened A faulty Microsoft Defender antimalware signature update released around April 30, 2026, caused widespread false positive alerts by incorrectly flagging two legitimate DigiCert root certificates as high-severity malware. The detection, labeled Trojan:Win32/Cerdigent.A!dha, identified registry entries belonging to DigiCert Assured ID Root CA and DigiCert Trusted Root G4 as threats and automatically quarantined them […]

The post Microsoft Defender Mistakenly Flags DigiCert Root Certificates as Malware appeared first on CISO Whisperer.

The post Microsoft Defender Mistakenly Flags DigiCert Root Certificates as Malware appeared first on Security Boulevard.

Microsoft flagged 8.3 billion phishing emails as attackers turned to QR codes, fake CAPTCHAs, PhaaS kits, and file-based payloads.

The post Microsoft Flagged 8.3B Phishing Emails in Q1 as QR Codes, CAPTCHAs Rise appeared first on TechRepublic.

The post Microsoft Defender Zero-Day “BlueHammer” Hits KEV Catalog Following Researcher’s Protest appeared first on Daily CyberSecurity.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Defender, tracked as CVE-2026-33825 (CVSS score of 7.8), to its Known Exploited Vulnerabilities (KEV) catalog.

CVE-2026-33825 is a Microsoft Defender flaw that can be exploited to achieve privilege escalation. Microsoft fixed it with the release of Patch Tuesday security updates for April 2026.

Last week, Huntress researchers reported that attackers are exploiting three recently disclosed zero-day flaws in Microsoft Defender to gain higher privileges on compromised systems, including CVE-2026-33825 (aka BlueHammer). The vulnerabilities, called BlueHammer, RedSun, and UnDefend, were revealed by a researcher known as Chaotic Eclipse after criticizing Microsoft’s handling of the disclosure.

Chaotic Eclipse also published proof-of-concept code for the unpatched Windows bug.

BlueHammer and RedSun let attackers escalate privileges locally in Microsoft Defender. UnDefend instead triggers a denial-of-service, blocking security definition updates and weakening protection.

At this time, Microsoft has only fixed the flawok CVE-2026-33825, but the others remain unpatched.

Huntress researchers reported attackers are exploiting the three Windows flaws to target systems, though the victims and attackers remain unknown.

Huntress said it saw real-world exploitation of all three flaws. Attackers used BlueHammer starting April 10, 2026, then followed with RedSun and UnDefend proof-of-concept exploits on April 16.

Researchers believe attackers are using public exploit code released online by Chaotic Eclipse. Huntress said attackers started exploiting BlueHammer on April 10, 2026, then followed with RedSun and UnDefend proof-of-concept exploits on April 16.

The Huntress SOC is observing the use of Nightmare-Eclipse's BlueHammer, RedSun, and UnDefend exploitation techniques.

Investigation by: @wbmmfq, @Curity4201, + @_JohnHammond pic.twitter.com/ZFRI2XAYIA

— Huntress (@HuntressLabs) April 16, 2026

When exploit code becomes publicly available, threat actors can quickly weaponize it in attacks in the wild.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerability by May 6, 2026.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, US CISA Known Exploited Vulnerabilities catalog)

Microsoft says Windows 11’s built-in security is strong enough for most users, though power users and enterprises may still want third-party protection.

The post Microsoft: Most Windows 11 Users Don’t Need Third-Party Antivirus appeared first on TechRepublic.

The post Microsoft Teams Exploited for Silent Enterprise Takeovers appeared first on Daily CyberSecurity.

Although the team with Microsoft moved swiftly to patch the BlueHammer vulnerability, other exploits still threaten Microsoft Defender and Windows users.

The post Microsoft Defender Flaws Exploited on Windows, Two Left Unpatched appeared first on TechRepublic.

The post Zero-Day Alert: The “Red Sun” Vulnerability Turning Microsoft Defender into a Hacker’s Tool appeared first on Daily CyberSecurity.

Attackers exploit three Microsoft Defender zero-days, code-named BlueHammer, RedSun, and UnDefend, to gain elevated access.

Attackers are exploiting three recently disclosed zero-day flaws in Microsoft Defender to gain higher privileges on compromised systems. The vulnerabilities, called BlueHammer, RedSun, and UnDefend, were revealed by a researcher known as Chaotic Eclipse after criticizing Microsoft’s handling of the disclosure.

Chaotic Eclipse also published proof-of-concept code for the unpatched Windows bug.

BlueHammer and RedSun let attackers escalate privileges locally in Microsoft Defender. UnDefend instead triggers a denial-of-service, blocking security definition updates and weakening protection.

At this time, Microsoft has only fixed the BlueHammer flaw, tracked as CVE-2026-33825, but the others remain unpatched.

Huntress researchers reported attackers are exploiting the three Windows flaws to target systems, though the victims and attackers remain unknown.

Huntress said it saw real-world exploitation of all three flaws. Attackers used BlueHammer starting April 10, 2026, then followed with RedSun and UnDefend proof-of-concept exploits on April 16.

Researchers believe attackers are using public exploit code released online by Chaotic Eclipse.

The Huntress SOC is observing the use of Nightmare-Eclipse's BlueHammer, RedSun, and UnDefend exploitation techniques.

Investigation by: @wbmmfq, @Curity4201, + @_JohnHammond pic.twitter.com/ZFRI2XAYIA

— Huntress (@HuntressLabs) April 16, 2026

Huntress said attackers started exploiting BlueHammer on April 10, 2026, then followed with RedSun and UnDefend proof-of-concept exploits on April 16.

And today, April 16:

→ C:Users[REDACTED]DownloadsRedSun.exe

This triggered a Defender EICAR file alert, as is part of its attack technique. pic.twitter.com/LulC1QNiBn

— Huntress (@HuntressLabs) April 16, 2026

When exploit code becomes publicly available, threat actors can quickly weaponize it in attacks in the wild.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Microsoft defender)

The post New AI-Driven Phishing Campaign Subverts Microsoft’s Device Code Flow appeared first on Daily CyberSecurity.

The post Beyond the URL: How “Cookie-Gated” Web Shells Hide Silent RCE in Plain Sight appeared first on Daily CyberSecurity.

The post WhatsApp Under Siege: Microsoft Uncovers Global VBS Malware Campaign appeared first on Daily CyberSecurity.

Hackers are using WhatsApp messages to deliver malware to Windows PCs, exploiting user trust and attachments to trigger stealthy, multi-stage attacks.

The post Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs appeared first on TechRepublic.