  1. THREAT ADVISORY RedSun Zero-Day (Windows Defender) April 17, …

    Apr 17, 2026 · Cloud Files API activity originating outside legitimate OneDrive/sync processes. Mitigation Steps: Apply all Windows updates immediately (monitor MSRC for an emergency RedSun …

  2. Mitigate RedSun Zero-Day Without A Patch | Qualys

    Apr 22, 2026 · RedSun is a zero-day LPE in Microsoft Defender with no patch available. Learn how to detect and mitigate it instantly using Qualys VMDR and TruRisk™ Eliminate.

  3. Technical steps to mitigate RedSun zero-day in Windows Defender

    RedSun is a newly disclosed local privilege escalation technique that abuses an insecure behaviour in Windows Defender when handling “cloud-tagged” files.

  4. Defender Triple Zero-Day: BlueHammer, RedSun, and UnDefend

  5. 3ch0p01nt/RedSun_Undefend - GitHub

    Apr 20, 2026 · Three related zero-day vulnerabilities targeting Microsoft Defender were publicly disclosed in April 2026 by the researcher "Nightmare-Eclipse" (aka "Chaotic Eclipse"). This repo …

  6. New “RedSun” Windows Defender zero-day exploited in the wild

    Apr 17, 2026 · A newly disclosed Windows zero-day vulnerability dubbed “RedSun” is being actively exploited in the wild, allowing attackers to gain SYSTEM privileges by abusing Microsoft Defender.

  7. Microsoft Defender Zero-Day Exploits - BlueHammer & RedSun (April …

    Apr 20, 2026 · Three publicly disclosed and in-the-wild exploited Microsoft Defender zero-day vulnerabilities—BlueHammer, RedSun, and UnDefend—are being used to escalate privileges and/or …

  8. BlueHammer & RedSun: Windows Defender CVE-2026-33825 Zero …

    Apr 17, 2026 · In this blog, we explain how the Windows Defender CVE-2026-33825 vulnerability works, its real-world risk to organizations, and provide practical steps for validation and remediation.

  9. Microsoft Defender 0-Day Vulnerability “RedSun” Enables Full …

    Apr 17, 2026 · A newly disclosed zero-day vulnerability in Microsoft Defender, dubbed "RedSun," allows an unprivileged user to escalate privileges to full SYSTEM-level access on fully patched Windows …

  10. BlueHammer & RedSun: Windows Defender CVE-2026-33825 explained

    Apr 17, 2026 · A straight-faced breakdown of the Windows Defender zero-day CVE-2026-33825 (BlueHammer) and the RedSun variant. What it is, how it works, and what Dutch SOC and endpoint …