One researcher. Six Windows zero-days. Six weeks.

Profile of the anonymous figure behind the spree of public Microsoft exploit drops.

Since early April, a researcher using the aliases Nightmare-Eclipse on GitHub and Chaotic Eclipse on a blog has published working code for six Windows zero-days: BlueHammer, RedSun, UnDefend, YellowKey, GreenPlasma, and MiniPlasma. The GitHub account is brand new with no prior public research. Microsoft patched BlueHammer in the April Patch Tuesday release but not the others.

The researcher is rumored to be a former Microsoft employee and has framed the campaign as a response to how Microsoft's Security Response Center handled their initial report. They have warned the next round may include remote code execution bugs and have publicly described what they call a dead man switch of pre-staged disclosures.

Huntress has observed several of the exploits being used in real attacks since around April 10th, in at least one case after an intruder broke in through a vulnerable FortiGate VPN.

Sources:
https://www.theregister.com/security/2026/05/13/disgruntled-researcher-releases-two-more-microsoft-zero-days/5239758
https://www.bleepingcomputer.com/news/security/disgruntled-researcher-leaks-bluehammer-windows-zero-day-exploit/
https://www.huntress.com/blog/nightmare-eclipse-intrusion
https://deadeclipse666.blogspot.com/
https://github.com/Nightmare-Eclipse

More on cybersecurity, privacy, scams, and homelab on Hake Hardware.
