An anonymous researcher known as Nightmare-Eclipse has released two new Microsoft Windows zero-day vulnerabilities—YellowKey, a BitLocker bypass allowing unrestricted access to encrypted machines via USB, and GreenPlasma, a privilege escalation flaw granting SYSTEM access. Security experts warn these exploits pose serious risks, especially for stolen devices and post-compromise attacks, with no known mitigation currently available for GreenPlasma; this continues an ongoing series of damaging disclosures by the researcher following a claimed breach of trust with Microsoft.
Mystery Microsoft Bug Leaker Keeps the Zero-Days Coming

