Microsoft Windows hit by Nightmare Eclipse zero‑day dump
In late May, security researcher known as Nightmare Eclipse (also referred to as Chaotic Eclipse) publicly released six weaponized Windows zero‑day vulnerabilities, including flaws dubbed RedSun, YellowKey, UnDefend, BlueHammer, GreenPlasma and MiniPlasma. Three of these were already being actively exploited before Microsoft could develop any patches, leaving enterprise Windows environments instantly exposed.
Microsoft has moved quickly to issue security updates and is working to restore trust with the security research community. The company has emphasized the need for coordinated disclosure, rejected legal action against good‑faith researchers, and warned that malicious use of the exploits will be pursued with law‑enforcement support. The incident has heightened urgency for organizations, especially in France, to apply the latest patches and reassess their zero‑day vulnerability management practices.