惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
T
Threat Research - Cisco Blogs
C
Cyber Attacks, Cyber Crime and Cyber Security
C
CXSECURITY Database RSS Feed - CXSecurity.com
A
Arctic Wolf
Security Latest
Security Latest
Simon Willison's Weblog
Simon Willison's Weblog
I
Intezer
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
T
Troy Hunt's Blog
Latest news
Latest news
Help Net Security
Help Net Security
S
Security Affairs
Webroot Blog
Webroot Blog
The Hacker News
The Hacker News
AI
AI
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
T
Tor Project blog
Forbes - Security
Forbes - Security
Google DeepMind News
Google DeepMind News
AWS News Blog
AWS News Blog
Attack and Defense Labs
Attack and Defense Labs
P
Proofpoint News Feed
www.infosecurity-magazine.com
www.infosecurity-magazine.com
H
Help Net Security
L
Lohrmann on Cybersecurity
S
SegmentFault 最新的问题
Google Online Security Blog
Google Online Security Blog
MongoDB | Blog
MongoDB | Blog
Cyberwarzone
Cyberwarzone
The Last Watchdog
The Last Watchdog
S
Securelist
N
News and Events Feed by Topic
S
Secure Thoughts
F
Fortinet All Blogs
博客园_首页
C
Cybersecurity and Infrastructure Security Agency CISA
量子位
M
MIT News - Artificial intelligence
F
Full Disclosure
T
The Blog of Author Tim Ferriss
T
Tailwind CSS Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Microsoft Security Blog
Microsoft Security Blog
I
InfoQ
P
Privacy International News Feed
L
LangChain Blog
Know Your Adversary
Know Your Adversary
C
CERT Recently Published Vulnerability Notes

TechCrunch

Robots beat human records at Beijing half-marathon Palantir posts mini-manifesto denouncing inclusivity and ‘regressive’ cultures TechCrunch Mobility: Uber enters its assetmaxxing era Cracks are starting to form on fusion energy’s funding boom Blue Origin successfully re-uses a New Glenn rocket for the first time ever Tesla brings its robotaxi service to Dallas and Houston VC Ron Conway says he has a ‘rare form of cancer’ AI chip startup Cerebras files for IPO Anthropic’s relationship with the Trump administration seems to be thawing The App Store is booming again, and AI may be why Once close enough for an acquisition, Stripe and Airwallex are now going after each other “Tokenmaxxing” is making developers less productive than they think Zoom teams up with World to verify humans in meetings Gigs turns your concert history into a personal live music archive Chef Robotics escaped the robot cooking graveyard and says it’s thriving — here’s why Uber will now pick up your returns from your doorstep Anthropic launches Claude Design, a new product for creating quick visuals Google’s AI Mode can now help you find products in stock nearby Bluesky confirms DDoS attack is cause of continued app outages Bluesky confirms DDoS attack is cause of continued app outages Netflix plans to add a vertical video feed, use AI for recommendations SaySo is a new short-form video app that aims to restore users’ trust in news Loop raises $95M to build supply chain AI that predicts disruptions Are we tokenmaxxing our way to nowhere? New leaders, new fund: Sequoia has raised $7B to expand its AI bets Netflix co-founder and chair Reed Hastings to leave board Upscale AI in talks to raise at $2B valuation, says report Physical Intelligence, a hot robotics startup, says its new robot brain can figure out tasks it was never taught From the Startup Battlefield stage to the International Space Station: geCKo Materials built a sticky product Slash, a Ramp competitor founded by teenagers, raises $100M at $1.4B valuation OpenAI takes aim at Anthropic with beefed-up Codex that gives it more power over your desktop European police email 75,000 people asking them to stop DDoS attacks Anthropic CPO leaves Figma’s board after reports he will offer a competing product Google now lets you explore the web side-by-side with AI Mode Two Americans sentenced for helping North Korea steal $5 million in fake IT worker scheme InsightFinder raises $15M to help companies figure out where AI agents go wrong AI traffic to US retailers rose 393% in Q1, and it’s boosting their revenue too Roblox’s AI assistant gets new agentic tools to plan, build, and test games Google adds Nano Banana-powered image generation to Gemini’s Personal Intelligence Google is now targeting bad ads over bad actors You’ve heard of hybrid cars. Now meet a hybrid cement plant. Runway CEO says AI could help Hollywood make 50 films instead of one $100M blockbuster Meta raises Quest 3 and Quest 3S prices due to RAM shortage Canva’s AI assistant can now call various tools to make designs for you Fashion retailer Express left customers’ personal data and order details exposed to the internet This simulation startup wants to be the Cursor for physical AI DeepL, known for text translation, now wants to translate your voice Amazon-backed X-energy files to raise up to $800M in IPO Ford EV and tech chief leaving automaker Wait, could they still actually break up Live Nation? Monarch Tractor’s collapse ends with an acquisition by Caterpillar OpenAI updates its Agents SDK to help enterprises build safer, more capable agents Hightouch reaches $100M ARR fueled by marketing tools powered by AI LinkedIn data shows AI isn’t to blame for hiring decline… yet Feds will require data centers to show their power bills AI learning app Gizmo levels up with 13M users and a $22M investment Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Google rolls out a native Gemini app for Mac This Khosla-backed autonomous pod startup just raised $170M — now it’s aiming for more Accel raises $5B to back late-stage bets India’s vibe-coding startup Emergent enters OpenClaw-like AI agent space Anthropic shrugs off VC funding offers valuing it at $800B+, for now Motorola sues social platforms and creators over posts, raising speech concerns in India Airwallex is about to take on Stripe and the rest of the payments industry — in the physical world After sale of its shoe business, Allbirds pivots to AI Sweden blames Russian hackers for attempting ‘destructive’ cyberattack on thermal plant Vercel CEO Guillermo Rauch signals IPO readiness as AI agents fuel revenue surge Hack at Anodot leaves over a dozen breached companies facing extortion The largest orbital compute cluster is open for business Trump officials may be encouraging banks to test Anthropic’s Mythos model Apple reportedly testing four designs for upcoming smart glasses X says it’s reducing payments to clickbait accounts TechCrunch Mobility: Who is poaching all the self-driving vehicle talent? From LLMs to hallucinations, here’s a simple guide to common AI terms At the HumanX conference, everyone was talking about Claude Slate Auto: Everything you need to know about the Bezos-backed EV startup Walmart-owned Flipkart, Amazon are squeezing India’s quick-commerce startups Kalshi wins temporary pause in Arizona criminal case AMC will stream ‘The Audacity’ premiere in 21 parts on TikTok Sam Altman responds to ‘incendiary’ New Yorker article after attack on his home Nvidia-backed SiFive hits $3.65B valuation for open AI chips NASA Artemis II splashes down in Pacific Ocean in ‘perfect’ landing for moon mission How to watch NASA’s Artemis II splash back down to Earth TechCrunch is heading to Tokyo — and bringing the Startup Battlefield with it France to ditch Windows for Linux to reduce reliance on US tech YouTube Premium and YouTube Music are getting more expensive Every fusion startup that has raised over $100M Last 24 hours: Save up to $500 on your TechCrunch Disrupt 2026 pass PSA: If you use the Meta AI app, your friends will find out and it will be embarrassing Anthropic temporarily banned OpenClaw’s creator from accessing Claude Snap gets closer to releasing new AI glasses after years-long hiatus Stalking victim sues OpenAI, claims ChatGPT fueled her abuser’s delusions and ignored her warnings Florida AG to probe OpenAI, alleging possible connection to FSU shooting ChatGPT finally offers $100/month Pro plan EFF is the latest organization to leave X What founders can learn from Anjuna’s layoffs and recovery Volkswagen drops all-electric ID.4 in the US in pivot back to gas SUVs Florida AG announces investigation into OpenAI over shooting that allegedly involved ChatGPT StubHub to pay $10M to settle FTC allegations over ‘deceptive’ ticket pricing After data breach, $10B-valued startup Mercor is having a month
Hackers are abusing unpatched Windows security flaws to hack into organizations
Lorenzo Fran · 2026-04-18 · via TechCrunch

Hackers have broken into at least one organization using Windows vulnerabilities published online by a disgruntled security researcher over the last two weeks, according to a cybersecurity firm.

On Friday, cybersecurity company Huntress said in a series of posts on X that its researchers have seen hackers taking advantage of three Windows security flaws, dubbed BlueHammer, UnDefend, and RedSun. 

It’s unclear who the target of this attack is, and who the hackers are.

BlueHammer is the only bug among the three vulnerabilities being exploited that Microsoft has patched so far. A fix for BlueHammer was rolled out earlier this week. 

It appears that the hackers are exploiting the bugs by using exploit code that the security researcher published online. 

Earlier this month, a researcher who goes by Chaotic Eclipse published on their blog what they said was code to exploit an unpatched vulnerability in Windows. The researcher alluded to some conflict with Microsoft as the motivation behind publishing the code. 

“I was not bluffing Microsoft and I’m doing it again,” they wrote. “Huge thanks to MSRC leadership for making this possible,” they added, referring to Microsoft’s Security Response Center, the company’s team that investigates cyberattacks and handles reports of vulnerabilities.

Techcrunch event

San Francisco, CA | October 13-15, 2026

Days later, Chaotic Eclipse published UnDefend, and then earlier this week published RedSun. The researcher published code to exploit all three vulnerabilities on their GitHub page

All three vulnerabilities affect the Microsoft-made antivirus Windows Defender, allowing a hacker to gain high-level or administrator access to an affected Windows computer.

TechCunch could not reach Chaotic Eclipse for comment.

In response to a series of specific questions, Microsoft’s communications director Ben Hope said in a statement that the company supports “coordinated vulnerability disclosure, a widely adopted industry practice that helps ensure issues are carefully investigated and addressed before public disclosure, supporting both customer protection and the security research community.”

This is a case of what the cybersecurity industry calls “full disclosure.” When researchers find a flaw, they can report it to the affected software maker to help them fix it. At that point, usually the company acknowledges receipt, and if the vulnerability is legitimate, the company works to patch it. Often, the company and researchers agree on a timeline that establishes when the researcher can publicly explain their findings. 

Sometimes, for a variety of reasons, that communication breaks down and researchers publicly disclose details of the bug. In some cases, in part to prove the existence or severity of a flaw, researchers go a step further and publish “proof-of concept” code capable of abusing that bug.

When that happens, cybercriminals, government hackers, and others can then take the code and use it for their attacks, which prompts cybersecurity defenders to rush to deal with the fallout. 

“With these being so easily available now, and already weaponized for easy use, for better or for worse I think that ultimately puts us in another tug-of-war match between defenders and cybercriminals,” John Hammond, one of the researchers at Huntress who has been tracking the case, told TechCrunch. 

“Scenarios like these cause us to race with our adversaries; defenders frantically try to protect against ill-intended actors who rapidly take advantage of these exploits… especially now as it is just ready-made attacker tooling,” said Hammond.

Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy.

You can contact or verify outreach from Lorenzo by emailing lorenzo@techcrunch.com, via encrypted message at +1 917 257 1382 on Signal, and @lorenzofb on Keybase/Telegram.

View Bio