All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

Microsoft zero-day feud escalates as researcher threatens major exploit release on July 14

By

Jessica Lyons

20h ago· 7 min readenNews
Bagel score 100 of 100
100/100
Golden Brown
Bagelometer

A five-star bake. Worth schmearing, sharing, saving.

Score100TypenewsSentimentnegative

Summary

The ongoing feud between Microsoft and security researcher Nightmare Eclipse (aka Chaotic Eclipse) has escalated, with the researcher having already released six Windows zero-day exploits (RedSun, UnDefend, BlueHammer, YellowKey, GreenPlasma, and MiniPl) — three of which are under active exploitation. The researcher has threatened a "bone shattering" drop of additional exploits on July 14. Microsoft has finally responded with a blog post addressing (un)coordinated vulnerability disclosure regarding the now-public bugs.

Key quotes

· 3 pulled
The researcher, who has thus far released six Windows zero-days, promising a 'bone shattering' drop on July 14.
Microsoft, for its part, finally responded to the security researcher and their weaponized Windows flaws with a blog post on (un)coordinated vulnerability disclosure about the now-public bugs.
The ongoing saga of Microsoft versus Nightmare Eclipse (aka Chaotic Eclipse), the disgruntled bug hunter with a deep understanding of Windows and an even deeper grudge against Microsoft, reached a fever pitch.
Snippet from the RSS feed
Six 0-days, three under active exploitation, more to come on July 14?

You might also wanna read

Anonymous researcher releases two new Windows zero-day exploits after Patch Tuesday

An anonymous security researcher (Nightmare-Eclipse/Chaotic Eclipse) has released two new Windows zero-day exploits — YellowKey (a BitLocker

theregister.com·3d ago

Security researcher publishes YellowKey zero-day exploit that bypasses Microsoft BitLocker encryption via USB stick

Security researcher Chaotic Eclipse (Nightmare-Eclipse) has published two new zero-day exploits targeting Microsoft systems after their prev

tomshardware.com·17d ago

Security researcher claims BitLocker bypass vulnerability may be intentional Microsoft backdoor

A security researcher known as Nightmare-Eclipse has discovered and released YellowKey, a vulnerability that allegedly bypasses Microsoft's

techspot.com·14d ago

CVE-2025-53136: Microsoft Patches Windows Kernel Information Disclosure Vulnerability Bypassing KASLR

Microsoft patched CVE-2025-53136, a kernel information disclosure vulnerability in Windows NT OS Kernel that allowed leaking kernel base add

crowdfense.com·8mo ago

Dirty Frag (CVE-2026-43284): Critical Linux Kernel Root Exploit Disclosed — Second Major Vulnerability in Eight Days

A critical Linux kernel vulnerability called "Dirty Frag" (CVE-2026-43284 and CVE-2026-43500) has been publicly disclosed, giving root acces

copahost.com·22d ago

Security Researcher Discovers Vulnerabilities in VSCode Extensions and Core Software

A security researcher details their discovery and disclosure of three vulnerabilities in VSCode extensions and one in VSCode itself (CVE-202

blog.trailofbits.com·3mo ago