Microsoft released patches for CVE-2026-33825 (BlueHammer), a Microsoft Defender privilege escalation vulnerability, on April 14, 2026. CISA added the flaw to its Known Exploited Vulnerabilities catalog on April 22 and has now updated the entry to confirm active exploitation in ransomware campaigns. Authenticated attackers can escalate privileges to disable defenses, move laterally, or prepare systems for encryption. No details on specific ransomware groups have been publicly disclosed.
// Get alerts for Microsoft Azure