CISA has updated the Microsoft Defender BlueHammer flaw, CVE-2026-33825, to mark it as used in ransomware campaigns. The flaw was patched in April, but the new flag gives Windows teams a fresh reason to verify Defender updates, endpoint telemetry, and local privilege escalation controls.