A researcher’s public release of six Windows zero-days has already led attackers to exploit three of them, and Microsoft says more unpatched flaws remain. Microsoft named the bugs as RedSun, UnDefend, BlueHammer, YellowKey, GreenPlasma, and MiniPlasma; it said BlueHammer, RedSun, and UnDefend saw attacks after proof-of-concept exploit code was posted, while YellowKey is tracked as CVE-2026-45585 and, along with GreenPlasma and MiniPlasma, still lacks a fix.
2026.06.10
66% relevant
The article also materially updates the broader Nightmare Eclipse disclosure saga by identifying RoguePlanet as the seventh public Microsoft zero-day from the same researcher and connecting it to the earlier pattern in which previously dumped flaws were later exploited before patching.
Sergiu Gatlan
2026.06.10
73% relevant
The article is tied to the same Nightmare Eclipse disclosure wave and adds that Microsoft patched GreenPlasma and MiniPlasma, two of the publicly dumped Windows zero-days, during June 2026 Patch Tuesday.
Lawrence Abrams
2026.06.09
72% relevant
This article adds another public zero-day release by the same researcher, Nightmare Eclipse, extending the ongoing disclosure dispute with Microsoft and showing a newly published Microsoft Defender local privilege-escalation exploit that appears to work on fully patched Windows 10 and 11 systems.
BrianKrebs
2026.06.09
87% relevant
The piece ties two June Patch Tuesday zero-days to the same Nightmare Eclipse disclosure campaign, specifically connecting GreenPlasma to CVE-2026-45586 and YellowKey to CVE-2026-50507, while noting the researcher plans more releases.
Eduard Kovacs
2026.06.03
93% relevant
This article covers the same underlying event: the Nightmare Eclipse/Chaotic Eclipse public disclosure of multiple unpatched Microsoft vulnerabilities, including RedSun, UnDefend, BlueHammer, and YellowKey. It adds new reporting on Microsoft's response to backlash over language seen as threatening legal action, clarifies that Microsoft says it does not intend to pursue action against good-faith researchers, and provides more detail on the researcher-vendor dispute and Microsoft's takedown of the researcher's portal and GitHub access.
2026.06.02
95% relevant
This article covers the same underlying Nightmare-Eclipse Windows zero-day disclosure saga and adds new information that Microsoft publicly softened its rhetoric, said it does not intend to pursue legal action against researchers publishing security research, and acknowledged criticism over its earlier response after some of the dumped flaws were exploited in the wild.
Bruce Schneier
2026.06.02
95% relevant
This article is about the same Nightmare Eclipse disclosure campaign and adds that Microsoft has threatened legal action against the anonymous researcher behind the published Windows exploits.
2026.06.01
93% relevant
This article directly updates the Nightmare Eclipse Windows zero-day disclosure saga by adding Microsoft's walk-back: it says it does not intend to pursue legal action against researchers, acknowledges some researcher interactions fell short, and the source also notes Nightmare Eclipse plans to release another Secure Boot flaw that could bypass BitLocker and affect confidential VMs.
2026.05.29
95% relevant
This directly updates the same Nightmare Eclipse Windows zero-day disclosure campaign with Microsoft's first formal response, confirmation that the researcher threatened another release on July 14, and added context on GitHub and Blogger pages being taken down.
2026.05.28
100% relevant
This article establishes a broader underlying event than the existing YellowKey story: a coordinated cluster of six Windows zero-day disclosures by Nightmare Eclipse, with three already exploited and multiple flaws still unpatched.