By Connor Jones
Publication Date: 2026-05-13 16:16:00
Security
Security pros warn YellowKey claim could make stolen laptops a much bigger problem
The anonymous security researcher who has already maliciously exposed three Windows zero-days this year has revealed two more, dropping them just after Microsoft’s monthly Patch Tuesday update.
Nightmare-Eclipse, or Chaotic Eclipse, depending on which of their aliases you prefer, released details about YellowKey and GreenPlasma – respectively a BitLocker bypass and a privilege escalation flaw, handing SYSTEM access to attackers.
Experts speaking to The Register warned that both vulnerabilities present serious security concerns, especially since Nightmare-Eclipse released substantial technical information about exploiting them.
Nightmare-Eclipse described YellowKey as “one of the most insane discoveries I ever found.” They provided the files, which have to be loaded onto a USB drive, and if the attacker completes the key…
