Cyber Security News

Hacking Editorial Brief: April 19, 2026

Multiple Windows zero-day vulnerabilities disclosed by a security researcher are now under active exploitation in the wild. Three privilege escalation flaws affecting Microsoft Defender—tracked as BlueHammer, RedSun, and UnDefend—allow threat actors to gain SYSTEM-level or elevated administrator permissions on compromised systems. The proof-of-concept exploits were publicly released, prompting immediate adoption by attackers. Security researchers have verified the BlueHammer exploit, which abuses Windows Defender's update process to escalate privileges. Additionally, CISA added a 17-year-old Microsoft Excel vulnerability to its Known Exploited Vulnerabilities catalog after detecting active exploitation by threat actors, underscoring the persistent risk posed by legacy software flaws in production environments.

Threat actors continue to abuse trusted automation and cloud infrastructure for malware delivery and data theft. Since October 2025, attackers have weaponized n8n workflow automation platform webhooks to conduct phishing campaigns and deliver malicious payloads, leveraging the platform's trusted domain reputation to evade detection. Separately, the ShinyHunters hacking group claims to have stolen nearly 80 million records from Rockstar Games through an Anodot and Snowflake vulnerability. In enforcement news, the FBI arrested 17-year-old Matthew Lane for the massive PowerSchool breach that exposed 60 million records, with the suspect reportedly expressing relief at being caught. The cryptocurrency sector also continues to face significant losses, with April emerging as one of the most damaging months for crypto hacking incidents according to industry reports.

Sources: BleepingComputer · Help Net Security · Cyderes · PC Gamer · The Hacker News · Yahoo Finance · SlashGear