BlueHammer Vulnerability Exploited in Ransomware Attacks

BlueHammer Vulnerability Exploited in Ransomware Attacks
CISA says the Microsoft Defender vulnerability BlueHammer, tracked as CVE-2026-33825, is being used in ransomware attacks. The flaw was publicly disclosed on April 2, patched by Microsoft on April 14, and later added to CISA’s Known Exploited Vulnerabilities catalog after Huntress observed it being exploited as a zero-day. #BlueHammer #CVE-2026-33825 #MicrosoftDefender #CISA #Huntress

Keypoints

  • CISA says BlueHammer is being exploited in ransomware campaigns.
  • BlueHammer is tracked as CVE-2026-33825 in Microsoft Defender.
  • Microsoft disclosed the flaw on April 2 and patched it on April 14.
  • Huntress observed exploitation before Microsoft released fixes.
  • CISA added the vulnerability to its KEV catalog on April 22.

Read More: https://www.securityweek.com/bluehammer-vulnerability-exploited-in-ransomware-attacks/