CISA: Windows BlueHammer flaw now exploited by ransomware gangs

CISA said ransomware gangs are now exploiting BlueHammer (CVE-2026-33825), a Microsoft Defender privilege escalation flaw that had already been used in zero-day attacks. The vulnerability was leaked with proof-of-concept code by researcher “Nightmare Eclipse,” and it lets attackers with local access escalate to full SYSTEM control on Windows devices.

Key points

  • CISA confirmed BlueHammer is being used by ransomware gangs.
  • The flaw affects Microsoft Defender and enables local privilege escalation.
  • Nightmare Eclipse leaked the vulnerability with proof-of-concept exploit code.
  • Attackers can access the SAM database and escalate to SYSTEM privileges.
  • CISA added CVE-2026-33825 to the KEV Catalog and ordered federal agencies to patch it.

Read More: https://www.bleepingcomputer.com/news/security/cisa-windows-bluehammer-flaw-now-exploited-by-ransomware-gangs/