Microsoft is threatening criminal charges against a security researcher who publicly released six zero-day exploits for core Windows components, including Windows Defender and BitLocker.
The researcher, known as Nightmare Eclipse, posted the exploit code on GitHub and GitLab between early April and mid-May 2026. Three of the vulnerabilities were quickly exploited in real-world attacks, prompting Microsoft to issue emergency patches.
The flaws, dubbed BlueHammer, RedSun, UnDefend, YellowKey, GreenPlasma, and MiniPlasma, enable local privilege escalation and BitLocker bypass. Microsoft blocked the researcher’s accounts and condemned the disclosures as uncoordinated and dangerous.
Security experts like Kevin Beaumont warn that criminalizing such disclosures could chill legitimate security research and warns of another potential exploit release by July 14, 2026.