Windows Defender leaving the door WIDE OPEN
AnandTech Forums: Technology, Hardware, Software, and Deals [Un…
April 20, 2026
> Two unpatched Windows Defender zero-days have been actively exploited since April 16th, and both of them work on fully patched Windows 10, Windows 11, and Server 2019 and later, including machines that installed this month's Patch Tuesday updates. One of them makes Defender write the attacker's payload into System32 by itself, then stands back and lets Windows run it as SYSTEM. The other blocks Defender from receiving any new virus definitions and lies to the EDR management console about it, showing green checkmarks on machines that are already fully compromised.
> The two exploits are called RedSun and UnDefend, and they come from the same GitHub account that released BlueHammer earlier this month. Microsoft patched BlueHammer during April's Patch Tuesday under CVE-2026-33825. RedSun and UnDefend did not get that treatment. The working proof-of-concept code sits publicly on GitHub, and it runs on every...
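The quoted excerpt makes two claims a defender can actually verify on the endpoint without trusting a management console: whether definitions are still arriving, and whether something has recently been dropped into System32. The script below is an added example written for this thread, not code from the article or from the GitHub account it mentions. It uses only documented Defender cmdlets (Get-MpComputerStatus, Update-MpSignature, Get-AuthenticodeSignature, Get-WinEvent); the age threshold, the look-back window and the Defender operational-log event IDs 2000/2001 (signature update succeeded/failed) are assumptions chosen for illustration.

```powershell
# Added example (not from the article): verify Defender health locally instead of
# relying on the EDR console's status. Run in an elevated PowerShell session.
# Assumptions: 2 days is a reasonable maximum definition age; 7 days is the
# look-back window for System32 writes; event IDs 2000/2001 are the Defender
# signature-update success/failure events.
param(
    [int]$MaxSignatureAgeDays = 2,
    [int]$System32LookbackDays = 7,
    [switch]$ForceUpdate
)

function Test-DefenderSignatureFreshness {
    param([int]$MaxAgeDays, [switch]$TryUpdate)

    $status = Get-MpComputerStatus

    if ($TryUpdate) {
        # If the host really cannot fetch definitions, this is where it shows.
        try { Update-MpSignature -ErrorAction Stop } catch {
            Write-Warning "Update-MpSignature failed: $($_.Exception.Message)"
        }
        $status = Get-MpComputerStatus
    }

    # Recent update attempts as recorded on the host itself.
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 2000, 2001
        StartTime = (Get-Date).AddDays(-$MaxAgeDays)
    } -MaxEvents 20 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        AMRunningMode       = $status.AMRunningMode
        RealTimeProtection  = $status.RealTimeProtectionEnabled
        TamperProtected     = $status.IsTamperProtected
        EngineVersion       = $status.AMEngineVersion
        AVSignatureVersion  = $status.AntivirusSignatureVersion
        AVSignatureUpdated  = $status.AntivirusSignatureLastUpdated
        AVSignatureAgeDays  = $status.AntivirusSignatureAge
        # Stale definitions on a host the console reports as green is the
        # symptom the excerpt describes; treat it as a finding, not a glitch.
        Stale               = ($status.AntivirusSignatureAge -gt $MaxAgeDays)
        UpdateFailures      = @($events | Where-Object Id -eq 2001).Count
        UpdateSuccesses     = @($events | Where-Object Id -eq 2000).Count
    }
}

function Get-RecentSystem32Writes {
    param([int]$LookbackDays)

    $since = (Get-Date).AddDays(-$LookbackDays)

    # Anything written to System32 recently that is not carrying a valid
    # Authenticode signature deserves a look. This is a hunting heuristic,
    # not proof of compromise; legitimate unsigned files exist too.
    Get-ChildItem "$env:SystemRoot\System32" -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $since } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path          = $_.FullName
                LastWriteTime = $_.LastWriteTime
                SizeBytes     = $_.Length
                SigStatus     = $sig.Status
                Signer        = $sig.SignerCertificate.Subject
            }
        } |
        Where-Object { $_.SigStatus -ne 'Valid' } |
        Sort-Object LastWriteTime -Descending
}

$health = Test-DefenderSignatureFreshness -MaxAgeDays $MaxSignatureAgeDays -TryUpdate:$ForceUpdate
$health | Format-List

if ($health.Stale -or $health.UpdateFailures -gt 0) {
    Write-Warning "Definitions on $($health.Computer) are $($health.AVSignatureAgeDays) day(s) old with $($health.UpdateFailures) failed update(s); verify on the host, not in the console."
}

$writes = Get-RecentSystem32Writes -LookbackDays $System32LookbackDays
if ($writes) {
    Write-Warning "Unsigned or invalidly signed files written to System32 in the last $System32LookbackDays day(s):"
    $writes | Format-Table -AutoSize
}
```

Run it with `-ForceUpdate` to make the host attempt a definition fetch right now rather than reporting the last cached state; a host that cannot update while the console still shows it green is exactly the condition the excerpt warns about. The System32 listing is deliberately noisy in favour of recall; compare it against a known-good baseline or a clean reference machine before treating any entry as malicious.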