CISA has added CVE-2026-33825, an insufficient granularity of access control vulnerability in Microsoft Defender, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation in the wild.
2 posts
CISA has added CVE-2026-33825, an insufficient granularity of access control vulnerability in Microsoft Defender, to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation in the wild.
Threat actors are actively deploying Nightmare-Eclipse proof-of-concept tools, including BlueHammer, RedSun, and UnDefend, in real-world intrusions to exploit Windows Defender race conditions for privilege escalation. The attacks, likely originating from compromised FortiGate VPN access, culminate in the deployment of BeigeBurrow, a Go-based reverse tunnel agent used for persistent command and control.