惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
Microsoft Security Blog
Microsoft Security Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
V
Visual Studio Blog
宝玉的分享
宝玉的分享
IT之家
IT之家
人人都是产品经理
人人都是产品经理
T
The Blog of Author Tim Ferriss
I
InfoQ
B
Blog RSS Feed
T
Threatpost
博客园_首页
M
MIT News - Artificial intelligence
Spread Privacy
Spread Privacy
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Know Your Adversary
Know Your Adversary
U
Unit 42
Engineering at Meta
Engineering at Meta
C
Cyber Attacks, Cyber Crime and Cyber Security
月光博客
月光博客
Scott Helme
Scott Helme
T
Tor Project blog
有赞技术团队
有赞技术团队
AWS News Blog
AWS News Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Last Week in AI
Last Week in AI
S
Schneier on Security
Vercel News
Vercel News
博客园 - Franky
C
Cybersecurity and Infrastructure Security Agency CISA
L
LINUX DO - 热门话题
NISL@THU
NISL@THU
L
LangChain Blog
爱范儿
爱范儿
Google DeepMind News
Google DeepMind News
The GitHub Blog
The GitHub Blog
雷峰网
雷峰网
Latest news
Latest news
C
CXSECURITY Database RSS Feed - CXSecurity.com
Hugging Face - Blog
Hugging Face - Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
www.infosecurity-magazine.com
www.infosecurity-magazine.com
G
GRAHAM CLULEY
S
Security Affairs
A
About on SuperTechFans
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
大猫的无限游戏
大猫的无限游戏
W
WeLiveSecurity
Cisco Talos Blog
Cisco Talos Blog
罗磊的独立博客

darkreading

Vidar Rises to Top of Chaotic Infostealer Market Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain UNC6692 Combines Social Engineering, Malware, Cloud Abuse Unpatched 'PhantomRPC' Flaw in Windows Enables Privilege Escalation 20-Year-Old Malware Rewrites History of Cyber Sabotage Parsing Agentic Offensive Security's Existential Threat Helping Romance Scam Victims Require a Proactive, Empathic Approach US Busts Myanmar Ring Targeting US Citizens in Financial Fraud Glasswing Secured the Code. The Rest of Your Stack Is Still on You AI Phishing Is No. 1 With a Bullet for Cyberattackers North Korea's Lazarus Targets macOS Users via ClickFix Chinese APT Abuses Multiple Cloud Tools to Spy on Mongolia Tropic Trooper APT Takes Aim at Home Routers, Japanese Targets China-Backed Hackers Are Industrializing Botnets Bad Memories Still Haunt AI Agents 'Zealot' Shows What AI's Capable of in Staged Cloud Attack Africa Relinquishes Cyberattack Lead to Latin America — For Now 'The Gentlemen' Rapidly Rises to Ransomware Prominence DPRK Fake Job Scams Self-Propagate in 'Contagious Interview' Ransomware Negotiator Pleads Guilty to BlackCat Scheme Exploits Turn Windows Defender into Attacker Tool Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk Google Fixes Critical RCE Flaw in AI-Based Antigravity Tool Chinese APT Targets Indian Banks, Korean Policy Circles Vercel Employee's AI Tool Access Led to Data Breach Serial-to-IP Devices Hide Thousands of Old & New Bugs WhatsApp Leaks User Metadata to Attackers How NIST's Cutback of CVE Handling Impacts Cyber Teams Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing Every Old Vulnerability Is Now an AI Vulnerability Coast Guard's New Cybersecurity Rules Offers Lessons for CISOs NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities North Korea Uses ClickFix to Target macOS Users' Data 'Harmless' Global Adware Transforms Into an AV Killer Two-Factor Authentication Breaks Free from the Desktop Microsoft's Original Windows Secure Boot Certificate Is Expiring 6-Year Ransomware Campaign Targets Turkish Homes & SMBs Critical MCP Integration Flaw Puts NGINX at Risk Navigating the Unique Security Risks of Asia's Digital Supply Chain Prepping for 'Q-Day': Why Quantum Risk Management Should Start Now Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests Microsoft, Salesforce Patch AI Agent Data Leak Flaws Microsoft Bets $10B to Boost Japan's AI, Cybersecurity Privilege Elevation Dominates Massive Microsoft Patch Update EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses War Game Exercise Demonstrates How Social Media Manipulation Works Why Orgs Need to Test Networks to Withstand DDoS Attacks During Peak Loads CSA: CISOs Should Prepare for Post-Mythos Exploit Storm Adobe Patches Actively Exploited Zero-Day That Lingered for Months Empty Attestations: OT Lacks the Tools for Cryptographic Readiness APT41 Delivers 'Zero-Detection' Backdoor to Harvest Cloud Credentials Hims Breach Exposes the Most Sensitive Kinds of PHI Your Next Breach Will Look Like Business as Usual FINRA Launches Financial Intelligence Fusion Center to Combat Cybersecurity and Fraud Threats Orange Business Reimagines Enterprise Voice Communications With Trust and AI Industrial Controllers Still Vulnerable As Conflicts Move to Cyber Can Anthropic Keep Its Exploit-Writing AI Out of the Wrong Hands? Russia's 'Fancy Bear' APT Continues Its Global Onslaught Do Ceasefires Slow Cyberattacks? History Suggests Not Russia's Forest Blizzard Nabs Rafts of Logins via SOHO Routers Threat Actors Get Crafty With Emojis to Escape Detection AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties Fraud Rockets Higher in Mobile-First Latin America Full Sail University to Open IBM Cyber Defense Range Powered by AWS and Cloud Range on Campus Niobium Introduces The Fog Pluralsight Launches SecureReady to Help Organizations Build Job-Ready Cybersecurity Teams Iranian Threat Actors Disrupt US Critical Infrastructure via Exposed PLCs Storm-1175 Deploys Medusa Ransomware at 'High Velocity' Grafana Patches AI Bug That Could Have Leaked User Data RSAC 2026: How AI Is Reshaping Cybersecurity Faster Than Ever Human vs. AI: Debates Shape RSAC 2026 Cybersecurity Trends Lies, Damned Lies, and Cybersecurity Metrics Focusing on the People in Cybersecurity at RSAC 2026 Conference AI-Assisted Supply Chain Attack Targets GitHub Axios Attack Shows How Complex Social Engineering Is Industrialized Fortinet Issues Emergency Patch for FortiClient Zero-Day Automated Credential Harvesting Campaign Exploits React2Shell Flaw Shadow AI in Healthcare Is Here to Stay OWASP GenAI Security Project Gets Update, New Tools Matrix Inconsistent Privacy Labels Don't Tell Users What They Are Getting Apple Breaks Precedent, Patches DarkSword for iOS 18 Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting Picking Up 'Skull Vibrations'? Could Be XR Headset Authentication Claude Source Code Leak Highlights Big Supply Chain Missteps Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry Geopolitics, AI, and Cybersecurity: Insights From RSAC 2026 Not Toying Around: Hasbro Attack May Take 'Weeks' to Remediate Security Bosses Are All in on AI: Here's Why RSAC 2026: AI Dominates, But Community Remains Key to Security Bank Trojan 'Casbaneiro' Worms Through Latin America Ransomware Will Hit Hospitals. Rehearsals Are Key to Defense LatAm's Self-Taught Cyber Talent Overlooked Amid Cyberattack Glut Cyberattacks Intensify Pressure on Latin American Governments Venom Stealer MaaS Platform Commoditizes ClickFix Attacks Are We Training AI Too Late? The Forgotten Endpoint: Security Risks of Dormant Devices Axios NPM Package Compromised in Precision Attack Google's Vertex AI Is Over-Privileged. That's a Problem TeamPCP Breaches Cloud, SaaS Instances With Stolen Credentials
'BlueHammer' Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues
2026-04-09 · via darkreading

A hammer and nails lying on top of architect plans.

Source: Michael Flippo via Alamy Stock Photo

The leak online of exploit code for an apparent Windows zero-day flaw dubbed "BlueHammer" could be the sign of a larger issue that security researchers face when collaborating with Microsoft on vulnerability disclosure.

Using the alias "Chaotic Eclipse," a researcher anonymously published a blog post on April 2 that contained a GitHub link for the exploit, expressing annoyance with Microsoft for an insufficient response to its disclosure of the flaw. 

"I was not bluffing Microsoft and I'm doing it again," the researcher wrote in the blog post. A companion post on an X account with the same alias also heralded the release of the exploit with a link to the blog post, claiming at the time of writing, "the vulnerability is still unpatched."

The researcher also implied that he had an unsatisfactory interaction with Microsoft's Security Response Center (MSRC) about the disclosure of the flaw, but did not specific exactly what happened. "I'm just really wondering what was the math behind their decision, like you knew this was going to happen and you still did whatever you did," he wrote as part of a README on the GitHub post.

Related:Every Old Vulnerability Is Now an AI Vulnerability

Systemic Problem With Bug Disclosure?

This apparent lack of patience with Microsoft comes as no surprise to Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative (ZDI), who said his company has had "similar frustrations with the MSRC in the past, too."

"I've heard from more than one researcher who has said they don’t work on Microsoft bugs anymore because the disclosure process is too frustrating," Childs tells Dark Reading.

Researchers and cybersecurity vendors have criticized Microsoft for years over the software giant's vulnerability disclosure program and its lack of transparency in disclosing certain cloud flaws. In fact, Microsoft made vulnerability disclosure and transparency a core pillar of the company's Secure Future Initiative (SFI) in 2023 and later touted improvements in those areas.

In an emailed statement, Microsoft said it has a customer commitment to investigate reported security issues and update impacted devices to protect customers as soon as possible. The company also stressed its support of coordinated vulnerability disclosure to protect both customers and the security research community. 

BlueHammer Vulnerability Details

The zero-day flaw combines a time-of-check to time-of-use (TOCTOU) race condition and path confusion in Windows Defender’s signature update system, according to an advisory from the Retail & Hospitality-Information Sharing and Analysis Center (RH-ISAC). If exploited successfully, a local user can access the Security Account Manager (SAM) database, obtain password hashes, and eventually gain administrator rights using the pass-the-hash technique, which would give the attacker full system control.

Related:NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities

Childs tells Dark Reading that the proof-of-concept (PoC) exploit posted by Chaotic Eclipse are both legitimate but he is not sure "how exploitable it will be in practice." 

Will Dormann, principal vulnerability analyst at Tharros, said in a post on social media platform Mastodon that the exploit works on a desktop system, while other researchers cited said it does not currently work on Windows Server.

Childs says this could be because "there are mitigations and differences on server platforms that are not present on client platforms." "I also believe the exploit is not 100% reliable, which is why some people may be experiencing different results," he adds. "Reliability in exploits is hard." 

Indeed, the researcher who posted the PoC acknowledged in their notes on GitHub that the exploit may have flaws that could prevent it from working, which they said will be fixed at a later time. Chaotic Eclipse said in an X post on Wednesday that Microsoft updated the code, which "didn't fix the bugs but makes exploitation slightly harder to detect."

Related:Privilege Elevation Dominates Massive Microsoft Patch Update

Take Zero-Day Flaws Seriously

Since details remain scant about the flaw, it makes it difficult for defenders to mitigate affected systems until Microsoft acknowledges and patches it. Indeed, mitigation should be top of mind for unpatched flaws, as attackers are always scanning for vulnerabilities that they can exploit in the wild. The release of public exploit code makes vulnerable systems even more susceptible to compromise. 

Microsoft zero-day flaws in particular are popular targets for attackers, and often are the basis for significant waves of cyberattacks, especially on enterprise systems. In a blog post on Wednesday, managed security service provider Cyderes warned that a skilled threat actor will likely be able to resolve any issues with the PoC exploit, and that ransomware gangs and advanced persistent threat groups (APTs) typically deploy such exploits "within days of release."

While they wait for the flaw to be patched, organizations using Windows in their IT environments should continue to practice sound security hygiene, warn their employees to be wary of social engineering that could allow an attacker to obtain system credentials, and monitor for any unusual activity on their systems to prevent compromise, security experts said.

Don't miss the latest Dark Reading Confidential podcast, Security Bosses Are All in on AI: Here's Why, where Reddit CISO Frederick Lee and Omdia analyst Dave Gruber discuss AI and machine learning in the SOC, how successful deployments have (or haven’t) been, and what the future holds for AI security products. Listen now!

About the Author

Elizabeth Montalbano

Contributing Writer

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.