securityaffairs.com 7/1/2026, 12:26:41 PM · external

CISA warns BlueHammer flaw now used in ransomware attacks

CyberSIXT Evidence Panel
CISA KEV: Listed in KEV
Patch: Patch Available

CISA has confirmed that the vulnerability known as BlueHammer (CVE-2026-33825) is now being exploited in ransomware attacks, allowing attackers to gain SYSTEM privileges through Microsoft Defender. Originally a proof-of-concept, it has transitioned to active exploitation alongside two other zero-day vulnerabilities, RedSun and UnDefend. Researchers noted that this exploitation began in April 2026 after public exploit code was released by researcher Chaotic Eclipse.

The BlueHammer flaw is especially dangerous because it can provide full access to systems, enabling ransomware groups to disable security tools and deploy malware. CISA added BlueHammer to its Known Exploited Vulnerabilities catalog on April 22, with updates indicating its use in ransomware campaigns.


Article by CyberSIXT
