A disgruntled security researcher, known as Nightmare Eclipse, has been releasing zero-day exploits for Windows, with six already disclosed, including RedSun, UnDefend, and BlueHammer. The researcher has pledged to release another "bone shattering" set of exploits on July 14, escalating the feud with Microsoft. Microsoft has responded with a blog post on coordinated vulnerability disclosure, addressing the now-public bugs. The situation has become so severe that Microsoft has involved law enforcement. The researcher's actions have significant implications for Windows users, as the zero-day exploits can be used to compromise systems before patches are available1. This highlights the importance of assessing exposure to these vulnerabilities immediately, as the window for patching is rapidly closing. The situation underscores the need for organizations to prioritize vulnerability management and patching to mitigate the risk of zero-day attacks.
Disgruntled 0-day hunter 'humiliated' by Microsoft pledges 'bone shattering drop' as Redmond calls cops
⚡ High Priority
Why This Matters
Zero-day activity targeting Microsoft means patching windows are already closing — assess your exposure immediately.
References
- The Register. (2026, May 28). Disgruntled 0-day hunter 'humiliated' by Microsoft pledges 'bone shattering drop' as Redmond calls cops. *The Register*. https://www.theregister.com/security/2026/05/28/microsoft-0-day-feud-escalates-as-researcher-threatens-another-windows-exploit-dump/5248085
Original Source
The Register
Read original →