Nightmare-Eclipse: Rogue researcher releases six Windows zero-day exploits since April 2026
By Barracuda Networks
Summary
Nightmare-Eclipse is a rogue security researcher who has released six Microsoft Windows zero-day exploits (BlueHammer, RedSun, UnDefend, YellowKey, GreenPlasma, and MiniPlasma) since April 2026. The exploits target various Windows components, including the Cloud Files Mini Filter Driver, Windows Defender, and other core security features. The researcher's motivation appears to be a grudge against Microsoft, signalled by symbolic naming and imagery (the blog URL includes '666' and 'deadeclipse'). The article profiles the threat actor's identity and motivation, analyses the exploits, confirms in-the-wild exploitation, and provides defensive recommendations for MSPs and IT security teams.
Key quotes
It's hard to say whether the 'eclipse' motif has any significance. It could be a metaphor for eclipsing/overtaking Microsoft security or darkening the Microsoft name.
The blog URL includes '666' and 'deadeclipse,' and the name includes 'chaotic.' We don't have to dig deep to find meaning here.
MiniPlasma is the most recent release, and the first name to break the color + noun pattern.
