New “RedSun” Windows Defender zero-day exploited in the wild

📅 28 April 2026 at 09:34 UTC | 📰 Cyber Insider

A newly disclosed Windows zero-day vulnerability dubbed “RedSun” is being actively exploited in the wild, allowing attackers to gain SYSTEM privileges by abusing Microsoft Defender. The vulnerability was publicly disclosed by the researcher “Nightmare-Eclipse,” who also released the earlier BlueHammer exploit. The proof-of-concept (PoC) code is available on GitHub and includes a fully working privilege …

🤖 AI Briefing (auto-generated threat analysis)

🔍 Threat Overview

A newly disclosed Windows zero-day vulnerability, 'RedSun', is being actively exploited in the wild, allowing attackers to gain SYSTEM privileges by abusing Microsoft Defender. The vulnerability remains unpatched and has been linked to real-world attacks using BlueHammer and UnDefend.

⚙️ Technical Details

CVEs: CVE-2026-33825
Affected Systems: Windows
Attack Vectors: LOCAL

💥 Impact Assessment

Severity: critical
Who Is at Risk: Organizations with Windows systems and users who may be targeted by phishing, malicious downloads, or browser exploits.

🛡️ Recommended Actions

1. Monitor for unexpected cloud sync provider registrations on endpoints
2. Alert on unusual use of filesystem redirection (reparse points)
3. Enable Attack Surface Reduction (ASR) rules to reduce common entry points

📦 Affected Products

Microsoft Defender

🔐 NVD Verified Data (VERIFIED)

CVE: CVE-2026-33825
CVSS: 7.8 HIGH
Attack Vector: LOCAL
Complexity: LOW
Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weaknesses: CWE-1220

This is a curated summary. The complete article is available at Cyber Insider.