Tag

Nightmare Eclipse

All articles tagged with #nightmare eclipse

Microsoft Patches Trio of Windows Zero-Days Exploited by Nightmare Eclipse
security1 month ago

Microsoft Patches Trio of Windows Zero-Days Exploited by Nightmare Eclipse

Microsoft released June 2026 Patch Tuesday fixes for three Windows zero-days—GreenPlasma and MiniPlasma privilege-escalation flaws in the Collaborative Translation Framework and Cloud Files Mini Filter Driver, and YellowKey in WinRE—that could allow attackers to gain SYSTEM-level access or bypass BitLocker on patched Windows 11 and Windows Server 2022/2025 systems. The flaws were disclosed by Nightmare Eclipse in protest of MSRC handling, continuing a series of leaks and PoCs (BlueHammer, RedSun, UnDefend, RoguePlanet). Microsoft provided mitigations and warned about PoC disclosures, while saying it would coordinate with law enforcement if needed.

Microsoft's crackdown on public zero-days fuels security researcher feud
tech1 month ago

Microsoft's crackdown on public zero-days fuels security researcher feud

Microsoft is facing backlash over its handling of zero-day exploits after a security researcher going by Nightmare Eclipse publicly posted exploit code. Microsoft says it plans to file a criminal case for failing to coordinate disclosure and has disabled Nightmare Eclipse's GitHub, GitLab, and MSRC accounts. Security researcher Kevin Beaumont notes that Microsoft has hired people with public zero-day histories and even buys exploits, raising questions about the company’s stance on “responsible disclosure” and highlighting a broader clash between vendors and researchers over vulnerability reporting.

technology1 month ago

GitHub bans vigilante Windows zero-day leaker over disclosed flaws

GitHub terminated the anonymous security researcher Nightmare-Eclipse after publicly disclosing unpatched Windows vulnerabilities, with the researcher moving to GitLab and continuing to publish exploits (BlueHammer, YellowKey) and threats; Microsoft says the disclosures violated coordinated vulnerability disclosure practices, sparking mixed reactions from the community.

Public PoC Unleashes Windows 'MiniPlasma' Privilege-Escalation to SYSTEM
cyber-security-news1 month ago

Public PoC Unleashes Windows 'MiniPlasma' Privilege-Escalation to SYSTEM

A publicly released PoC for the Windows 'MiniPlasma' zero-day privilege-escalation flaw lets unprivileged users gain SYSTEM privileges by exploiting the Cloud Filter driver’s HsmOsBlockPlaceholderAccess race condition and writing to the .DEFAULT hive. The bug traces to CVE-2020-17103 (originally patched in 2020 by Microsoft) but the PoC shows the flaw remains exploitable; Nightmare-Eclipse released the exploit on GitHub on May 13, 2026, after May Patch Tuesday, increasing risk as weaponized code circulates and affects all Windows versions. Organizations should monitor Microsoft’s response and apply patches when available.

Nightmare-Eclipse Privilege Tools Breach FortiGate SSL VPN in the Wild
cyber-security2 months ago

Nightmare-Eclipse Privilege Tools Breach FortiGate SSL VPN in the Wild

Attackers used publicly released Nightmare-Eclipse privilege-escalation tools—BlueHammer, RedSun, and UnDefend—after compromising a FortiGate SSL VPN, marking the first in-the-wild use against a live enterprise. BlueHammer has been patched via CVE-2026-33825; RedSun and UnDefend remain unpatched zero-days. BeigeBurrow served as a covert C2. The intrusion involved VPN logins from Russia and other countries, with binary artifacts including FunnyApp.exe, RedSun.exe, undef.exe, and the BeigeBurrow domain staybud.dpdns.org. Mitigations include applying the April 2026 patch, scanning for artifacts in user-writable paths, reviewing VPN authentication logs for multi-country access, blocking agent.exe -server -hide, and applying the published YARA rule to detect BeigeBurrow.