
highplainsdem

(62,576 posts)
Fri Apr 17, 2026, 02:22 PM 18 hrs ago

Hackers are abusing unpatched Windows security flaws to hack into organizations

Source: TechCrunch

Hackers have broken into at least one organization using Windows vulnerabilities published online by a disgruntled security researcher over the last two weeks, according to a cybersecurity firm.

On Friday, cybersecurity company Huntress said in a series of posts on X that its researchers have seen hackers taking advantage of three Windows security flaws, dubbed BlueHammer, UnDefend, and RedSun.

-snip-

Earlier this month, a researcher who goes by Chaotic Eclipse published on their blog what they said was code to exploit an unpatched vulnerability in Windows. The researcher alluded to some conflict with Microsoft as the motivation behind publishing the code.

“I was not bluffing Microsoft and I’m doing it again,” they wrote. “Huge thanks to MSRC leadership for making this possible,” they added, referring to Microsoft’s Security Response Center, the company’s team that investigates cyberattacks and handles reports of vulnerabilities.

-snip-



Read more: https://techcrunch.com/2026/04/17/hackers-are-abusing-unpatched-windows-security-flaws-to-hack-into-organizations/



TechCrunch links to that researcher's blog, where earlier posts said Microsoft had violated an agreement with them, threatened to ruin them and had succeeded in leaving them homeless. The magazine has not been able to reach the researcher for comment.

These unpatched vulnerabilities let a hacker gain high-level or administrative access to a Windows computer.
Evergreen headline... (nt) GJGCA 16 hrs ago #1

highplainsdem

(62,576 posts)
2. True. Never saw details quite like this, though, and TechRadar's headline got those details:
Fri Apr 17, 2026, 10:28 PM
9 hrs ago
'They mopped the floor with me and pulled every childish game they could': Disgruntled researcher releases second major Windows zero-day — claims Microsoft 'would ruin my life, and they did'

https://www.techradar.com/pro/security/they-mopped-the-floor-with-me-and-pulled-every-childish-game-they-could-disgruntled-researcher-releases-second-major-windows-zero-day-claims-microsoft-would-ruin-my-life-and-they-did

-snip-

A researcher with the alias “Chaotic Eclipse” has posted a proof-of-concept (PoC) exploit for a vulnerability they named “RedSun”. It is a local privilege escalation flaw that allows malicious actors to gain SYSTEM privileges in the latest versions of Windows 10, Windows 11, and Windows Server, with Windows Defender enabled.

-snip-

Apparently, the researcher was unsatisfied with the way Microsoft handles vulnerability disclosure.

"Normally, I would go through the process of begging them to fix a bug but to summarize, I was told personally by them that they will ruin my life and they did and I'm not sure if I was the only who had this horride experience or few people did but I think most would just eat it and cut their losses but for me, they took away everything," Chaotic Eclipse apparently said.

"They mopped the floor with me and pulled every childish game they could. It was soo bad at some point I was wondering if I was dealing with a massive corporation or someone who is just having fun seeing me suffer but it seems to be a collective decision."

-snip-


I hadn't seen the TechRadar story when I posted the one from TechCrunch with that generic headline. The TechRadar headline is way too long for LBN OPs, though.