Hackers Exploit Unpatched Windows Defender Zero-Day Vulnerabilities BlueHammer RedSun and UnDefend

So, here’s what’s really going on: hackers are taking advantage of three fresh Windows security holes, and they’re not just minor annoyances—they’re using them to grab SYSTEM or administrator privileges. This kind of access basically lets them do almost anything they want on your computer. The chaos started earlier this month, driven by a security researcher who goes by “Chaotic Eclipse” (or “Nightmare-Eclipse” if you follow their online handles). Fed up with how Microsoft’s Security Response Center handled the vulnerability disclosures, they decided to go public by releasing proof-of-concept code for each flaw. This wasn’t just a technical exercise—it was a protest, a way to shine a harsh spotlight on Microsoft’s slow response.

Let’s break down the vulnerabilities. Two of these—named BlueHammer and RedSun—let attackers escalate their privileges using Microsoft Defender. In other words, instead of keeping you safe, Defender actually becomes the weak point that hackers punch through. The third one, called UnDefend, is a bit sneakier. Even a basic user can use it to block updates for Microsoft Defender, giving attackers a window to exploit systems over and over again. What’s worse, at the time these exploits hit the web, Microsoft hadn’t even released official patches. We’re talking about true zero-day threats—essentially, holes nobody had plugged yet.
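Since UnDefend's described effect is that Defender stops receiving updates, a defender's first question is whether a given host's definitions have quietly gone stale. The following PowerShell check is an added example, not code from the article, Huntress, Microsoft or the researcher's proof-of-concept; the age thresholds and the look-back window are assumptions.

```powershell
# Added defensive check; not code from the article, Huntress or the researcher.
# Reports whether Microsoft Defender's definition updates look stalled, which is
# the effect UnDefend is described as producing. Thresholds are assumptions.
function Test-DefenderUpdateHealth {
    param(
        [int]$MaxSignatureAgeDays = 3,   # assumed: definitions normally refresh several times a day
        [int]$LookbackHours = 72         # assumed: window to scan the Defender event log
    )

    $status   = Get-MpComputerStatus
    $findings = New-Object System.Collections.Generic.List[string]

    # Stale definitions are the primary symptom of blocked updates.
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings.Add("AV definitions are $($status.AntivirusSignatureAge) days old (version $($status.AntivirusSignatureVersion), last updated $($status.AntivirusSignatureLastUpdated))")
    }

    # Protection settings that should still be on if nothing has tampered with Defender.
    if (-not $status.RealTimeProtectionEnabled) { $findings.Add("Real-time protection is disabled") }
    if (-not $status.IsTamperProtected)         { $findings.Add("Tamper protection is off") }

    # Defender logs failed definition and engine updates as events 2001 and 2003.
    $since  = (Get-Date).AddHours(-$LookbackHours)
    $failed = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 2001, 2003
        StartTime = $since
    } -ErrorAction SilentlyContinue
    if ($failed) {
        $findings.Add("$($failed.Count) failed Defender update event(s) since $since")
    }

    # Try to pull definitions now; a failure on a host with connectivity is
    # worth escalating rather than silently retrying.
    $updateError = $null
    try { Update-MpSignature -ErrorAction Stop } catch { $updateError = $_.Exception.Message }
    if ($updateError) { $findings.Add("Update-MpSignature failed: $updateError") }

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        PlatformVersion  = $status.AMProductVersion
        EngineVersion    = $status.AMEngineVersion
        SignatureVersion = $status.AntivirusSignatureVersion
        Healthy          = ($findings.Count -eq 0)
        Findings         = $findings.ToArray()
    }
}

Test-DefenderUpdateHealth | Format-List
```

Run it from an elevated PowerShell session so the event log query and Update-MpSignature are permitted; a host that reports Healthy = False deserves a closer look for the hands-on-keyboard activity the article describes.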

Researchers at Huntress Labs reported that they’ve already seen hackers using all three exploits in real-world attacks. BlueHammer has been in the wild since April 10, and they’ve spotted UnDefend and RedSun used in an attack where the hackers accessed a system through a compromised SSLVPN account. This was no “set-it-and-forget-it” kind of breach either—investigators found evidence the attackers were prowling around, actively controlling the machine (“hands-on-keyboard activity” is what the pros call it).

The Huntress team isn’t just speculating—they’re watching Nightmare-Eclipse’s tricks get used, step by step, out in the open. That’s rare and alarming, especially since these are techniques that shouldn’t be available to bad actors in the first place.

Now, here’s the kicker: of the three major vulnerabilities, only one has a patch. Microsoft finally assigned BlueHammer the ID CVE-2026-33825 and pushed a fix in their April updates. But RedSun and UnDefend are still out there with no official fix in sight. Attackers can easily use RedSun to seize SYSTEM privileges on just about any recent Windows machine that’s running Defender—even if you just installed April’s security updates. It’s wild. As the original researcher put it, when Defender recognizes a file is malicious but tied to the cloud, it bizarrely decides to just rewrite that file right back where it found it. The proof-of-concept exploit simply takes advantage of this flaky logic, allowing attackers to overwrite critical system files and snatch admin rights.

When pressed, Microsoft offered the standard PR line: they commit to investigating issues and rolling out fixes as quickly as possible. They’re also big fans of coordinated disclosure—a process where security professionals secretly report bugs so companies can fix them before the public knows. That sounds great on paper, but events like this—the frustration-fueled public release of exploits—highlight real cracks in the system.

And the story doesn’t end there. An analyst going by “Mythos” claims that 99% of what they found remains unpatched. That means threat actors are still sitting on a goldmine of zero-day vulnerabilities—ones smart hackers (or, these days, AI systems) can chain together to sidestep every defense Windows can throw at them. The proof? An AI linked four separate zero-days into a single exploit that broke through both browser and operating system sandboxes.

All signs point to a rough wave of exploits on the horizon. Security pros are already nervously prepping for what’s next. At the upcoming Autonomous Validation Summit, experts will dive deep into how advanced validation tools can sniff out these sorts of threats, show what’s actually vulnerable, and maybe help security teams plug the gaps before attackers take full advantage.

So, if you’re running Windows, now’s not the time to get complacent. Attackers keep getting smarter, faster, and bolder, and the defenders need to catch up—fast.
