A newly documented exploit called RedSun enables system-level user access on Windows 11, Windows 10, and Windows Server systems running the April 2026 Update. The vulnerability has been publicly disclosed on GitHub.
RedSun represents a significant security concern for Windows deployments, allowing attackers to escalate privileges to system user level across multiple Windows versions. The exploit affects Windows 11, Windows 10, and Windows Server platforms updated with Microsoft's April 2026 patches.
The vulnerability was published on GitHub under the RedSun repository, detailing the technical methods for achieving system-level access. The disclosure has already garnered attention from the security community, with the GitHub repository and associated Hacker News discussion accumulating substantial engagement.
Key details remain limited in public statements, but the exploit's effectiveness across multiple Windows versions—from consumer editions to server infrastructure—suggests a widespread impact potential. Organizations running any of the affected systems are likely to prioritize assessment and remediation efforts.
The April 2026 Update timing indicates this is a relatively recent discovery, potentially affecting systems that have already deployed the latest patches. This raises questions about the update's security vetting process and whether additional vulnerabilities may exist in the same release.
Microsoft has not yet issued a public statement regarding RedSun. The company typically responds to confirmed vulnerabilities through emergency security updates or acknowledgment in advisory channels, though response timelines vary based on severity classification and exploitation likelihood.
The public GitHub repository suggests researchers are sharing technical details openly rather than following responsible disclosure protocols directly with Microsoft, accelerating awareness across threat actors and defenders alike.
Windows administrators should prioritize testing available mitigations and monitoring for exploitation attempts. The broad scope of affected systems—spanning consumer and enterprise editions—means organizations of all sizes require immediate attention to this issue.
Federal prosecutors have unsealed a 2024 indictment charging three Russian nationals and two web hosting services with facilitating cyberattacks and money laundering that victimized cybercrime targets of $62 million.
A hacker accessed Suno's source code using stolen employee credentials, revealing that the AI music generator scraped decades of audio from YouTube to train its model.
Criminals can now clone voices with AI in mere seconds, outpacing traditional authentication defenses that banks and financial institutions rely on to prevent fraud.
Five malicious versions of AsyncAPI packages were published to npm, delivering a remote access trojan capable of stealing credentials and sensitive data from developer systems.