CISA says ransomware gangs are now exploiting BlueHammer (CVE-2026-33825), a privilege escalation flaw in Microsoft Defender that had already been used in zero-day attacks. The vulnerability was disclosed, together with proof-of-concept exploit code, by the researcher known as “Nightmare Eclipse.” It lets an attacker who already has local access to a Windows device escalate to full SYSTEM control. #BlueHammer #CVE-2026-33825 #MicrosoftDefender #NightmareEclipse #CISA
Key points
- CISA confirmed BlueHammer is being used by ransomware gangs.
- The flaw affects Microsoft Defender and enables local privilege escalation.
- Nightmare Eclipse leaked the vulnerability with proof-of-concept exploit code.
- Attackers can access the SAM database and escalate to SYSTEM privileges.
- CISA added CVE-2026-33825 to the KEV Catalog and ordered federal agencies to patch it.
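The page says an attacker can read the SAM database on the way to SYSTEM, but does not say how BlueHammer does it, so the following is an added, generic detection example (not code from the page, from CISA, or from the researcher): it scans Windows Security event 4663 (object access) records for processes reading the SAM registry hive and flags any that are not the expected readers or that run under a non-SYSTEM account. The event lines are constructed for the example and rendered as simplified key=value pairs; the allowlist of expected SAM readers is an assumption to tune per environment.

```python
import re
from dataclasses import dataclass
from typing import Optional

SYSTEM_SID = "S-1-5-18"
# Assumption: on a healthy host only these processes touch the SAM hive directly.
EXPECTED_SAM_READERS = {
    r"c:\windows\system32\lsass.exe",
    r"c:\windows\system32\services.exe",
}
SAM_HIVE_PREFIX = r"\REGISTRY\MACHINE\SAM"


@dataclass
class Event4663:
    subject_sid: str
    subject_user: str
    object_name: str
    process_name: str
    accesses: str


# Constructed sample events (key=value rendering of the 4663 fields that matter here).
# Event 2 models a local user process reading the SAM hive; event 3 models the same
# binary after it has escalated to SYSTEM; events 1 and 4 are benign.
SAMPLE_EVENTS = r"""
EventID=4663 SubjectUserSid=S-1-5-18 SubjectUserName=SYSTEM ObjectName=\REGISTRY\MACHINE\SAM\SAM\Domains ProcessName=C:\Windows\System32\lsass.exe Accesses=ReadKey
EventID=4663 SubjectUserSid=S-1-5-21-1111-2222-3333-1001 SubjectUserName=alice ObjectName=\REGISTRY\MACHINE\SAM\SAM\Domains\Account\Users ProcessName=C:\Users\alice\AppData\Local\Temp\stage.exe Accesses=ReadKey
EventID=4663 SubjectUserSid=S-1-5-18 SubjectUserName=SYSTEM ObjectName=\REGISTRY\MACHINE\SAM\SAM\Domains\Account ProcessName=C:\Users\alice\AppData\Local\Temp\stage.exe Accesses=ReadKey
EventID=4663 SubjectUserSid=S-1-5-21-1111-2222-3333-1001 SubjectUserName=alice ObjectName=\REGISTRY\MACHINE\SOFTWARE\Microsoft ProcessName=C:\Windows\explorer.exe Accesses=ReadKey
"""


def parse_event(line: str) -> Optional[Event4663]:
    """Parse one key=value rendered 4663 line; return None for other events or malformed lines."""
    fields = dict(re.findall(r"(\w+)=(\S+)", line))
    if fields.get("EventID") != "4663":
        return None
    try:
        return Event4663(
            subject_sid=fields["SubjectUserSid"],
            subject_user=fields["SubjectUserName"],
            object_name=fields["ObjectName"],
            process_name=fields["ProcessName"],
            accesses=fields["Accesses"],
        )
    except KeyError:
        return None


def classify(ev: Event4663) -> Optional[str]:
    """Return a reason string if the event is a suspicious SAM hive read, else None."""
    if not ev.object_name.upper().startswith(SAM_HIVE_PREFIX.upper()):
        return None  # not the SAM hive, ignore
    reasons = []
    if ev.subject_sid != SYSTEM_SID:
        # A non-SYSTEM account should never be able to open the SAM hive at all.
        reasons.append("non-SYSTEM subject reading SAM hive")
    if ev.process_name.lower() not in EXPECTED_SAM_READERS:
        # SYSTEM-level access from an unexpected binary is what a successful
        # local privilege escalation looks like after the fact.
        reasons.append("unexpected process reading SAM hive")
    return "; ".join(reasons) or None


def scan(event_text: str) -> list[tuple[str, str]]:
    """Scan a block of event lines and return (process_name, reason) for each finding."""
    findings = []
    for line in event_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        reason = classify(ev)
        if reason:
            findings.append((ev.process_name, reason))
    return findings


if __name__ == "__main__":
    for process, reason in scan(SAMPLE_EVENTS):
        print(f"ALERT {process}: {reason}")
```

Caveat for anyone wiring this into a real pipeline: event 4663 is only written when Audit Object Access is enabled and a SACL exists on the SAM key, so the check finds nothing on a host where that auditing was never configured. The allowlist is deliberately narrow; extend it with the Defender service binary or other legitimate readers only after confirming that behaviour on a clean baseline.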