WHY IT MATTERS: Microsoft Defender, the security software built into Windows, is under pressure from a flaw that has now been linked to ransomware, according to federal cybersecurity officials. The vulnerability, listed as CVE-2026-33825 and known as BlueHammer, lets an authenticated attacker raise their privileges on a system. For an attacker who is already inside a network, that extra level of access can be enough to move the attack forward. The Cybersecurity and Infrastructure Security Agency says the flaw has been used in ransomware campaigns, but it does not name the groups involved.

BlueHammer became public on April 2 in an unusual fashion. A researcher using the names Chaotic Eclipse and Nightmare Eclipse released exploit details before Microsoft had a patch ready, saying they were unhappy with how the company handles vulnerability reports. That early release reduced the window defenders usually have to prepare.

Microsoft released a fix on April 14 and said the flaw could be used by an authenticated attacker for privilege escalation. Later that month, it updated its advisory to say exploitation was "more likely," but it did not confirm that real-world attacks were underway.

Confirmation came from outside the company. Security firm Huntress reported that attackers were already exploiting the vulnerability before the patches were available, treating it as a zero-day.