A newly documented exploit called RedSun enables system-level user access on Windows 11, Windows 10, and Windows Server systems running the April 2026 Update. The vulnerability has been publicly disclosed on GitHub.
RedSun represents a significant security concern for Windows deployments, allowing attackers to escalate privileges to system user level across multiple Windows versions. The exploit affects Windows 11, Windows 10, and Windows Server platforms updated with Microsoft's April 2026 patches.
The vulnerability was published on GitHub under the RedSun repository, detailing the technical methods for achieving system-level access. The disclosure has already garnered attention from the security community, with the GitHub repository and associated Hacker News discussion accumulating substantial engagement.
Key details remain limited in public statements, but the exploit's effectiveness across multiple Windows versions—from consumer editions to server infrastructure—suggests a widespread impact potential. Organizations running any of the affected systems are likely to prioritize assessment and remediation efforts.
The April 2026 Update timing indicates this is a relatively recent discovery, potentially affecting systems that have already deployed the latest patches. This raises questions about the update's security vetting process and whether additional vulnerabilities may exist in the same release.
Microsoft has not yet issued a public statement regarding RedSun. The company typically responds to confirmed vulnerabilities through emergency security updates or acknowledgment in advisory channels, though response timelines vary based on severity classification and exploitation likelihood.
The public GitHub repository suggests researchers are sharing technical details openly rather than following responsible disclosure protocols directly with Microsoft, accelerating awareness across threat actors and defenders alike.
Windows administrators should prioritize testing available mitigations and monitoring for exploitation attempts. The broad scope of affected systems—spanning consumer and enterprise editions—means organizations of all sizes require immediate attention to this issue.
Europe's digital identity wallet age verification system will only work on iOS and Android devices, excluding alternative mobile platforms. The technical specification has drawn criticism from privacy advocates and open-source developers.
The Trump administration has established the Gold Eagle federal clearinghouse to enable real-time sharing of AI-related cyber threat intelligence between government agencies and private sector companies. The White House says the system is already receiving vulnerability reports and coordinating patch prioritization.
Spanish authorities dismantled a major cybercrime organization responsible for €140 million in fraudulent earnings, resulting in four arrests. The ring operated investment scams and business email compromise attacks.
SonicWall has released security updates to address two actively exploited vulnerabilities in its SMA1000 appliance. The company urges customers to patch immediately.