Microsoft 0-day feud escalates as researcher threatens another exploit dump

Security Disgruntled 0-day hunter 'humiliated' by Microsoft pledges 'bone shattering drop' as Redmond calls cops Six 0-days, three under active exploitation, more to come on July 14? Jessica Lyons Jessica Lyons Published thu 28 May 2026 // 21:19 UTC The ongoing saga of Microsoft versus Nightmare Eclipse (aka Chaotic Eclipse), the disgruntled bug hunter with a deep understanding of Windows and an even deeper grudge against Microsoft, reached a fever pitch, with the researcher, who has thus far released six Windows zero-days, promising a “bone shattering” drop on July 14.  Microsoft, for its part, finally responded  to the security researcher and their weaponized Windows flaws with a blog post on (un)coordinated vulnerability disclosure about the now-public bugs: RedSun , UnDefend , BlueHammer , YellowKey , GreenPlasma, and MiniPlasma. Redmond says that none of these were reported via its official channels prior to being made public.  Attackers began hammering three of the six - BlueHammer, RedSun, and UnDefend - soon after Nightmare published working proof-of-concept exploit code for each on  now-banned GitHub (owned by Microsoft) and GitLab accounts.  REG AD MORE CONTEXT Mystery Microsoft bug leaker keeps the zero-days coming Microsoft's massive Patch Tuesday: It's raining bugs Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbits Microsoft promises more bug payouts, with or without a bounty program YellowKey, GreenPlasma, and MiniPlasma still don’t have fixes, and Microsoft has deemed “exploitation more likely” for YellowKey, aka CVE-2026-45585, citing a working POC. REG AD “We remain firmly opposed to these actions, and any disclosure outside proper coordination that could harm our customers and the digital ecosystem,” Microsoft wrote in a Wednesday blog, and then seemingly threatened legal action against Nightmare: “Uncoordinated disclosures that put proof-of-concept code for unpatched vulnerabilit