A security researcher known as "Nightmare Eclipse" has disclosed six Windows vulnerabilities over six weeks, including three new ones — YellowKey, GreenPlasma, and MiniPlasma — revealed shortly after Microsoft's May 2026 Patch Tuesday. These flaws target core Windows security components, enabling attacks such as BitLocker bypass, privilege escalation to SYSTEM, and exploitation of a vulnerability Microsoft believed it had patched in 2020. Microsoft has only officially patched one of the six flaws so far, and experts warn that the researcher's deliberate timing — releasing disclosures immediately after Patch Tuesday — maximises the window of exposure before the next patch cycle.
