A critical vulnerability in Microsoft Defender, tracked as CVE-2026-33825 and dubbed "BlueHammer," has been exploited as a zero-day in ransomware attacks before a patch was available. SecurityWeek reports the flaw was used in the wild, though specific attack campaigns or groups have not been disclosed.

The full severity and scope of BlueHammer remain unclear, as the available source publishes neither a CVSS score nor a count of affected systems. Exploitation before a patch existed nonetheless indicates high risk. Ransomware operators leveraged the vulnerability to gain initial access or escalate privileges.

Technical details are scarce, but the vulnerability resides in Microsoft Defender's handling of certain inputs and allows attackers to execute arbitrary code. No indicators of compromise have been provided, which limits defenders' ability to detect exploitation.

Microsoft has since released patches to address CVE-2026-33825, but the timeline for the fix is not specified in the source. Organizations are strongly urged to apply the latest Defender updates immediately to mitigate potential threats.

Attribution for the attacks is unknown; no ransomware group has claimed responsibility. The threat landscape continues to see adversaries weaponize zero-days in security software, underscoring the need for rapid patch management.