‘Patched’ Windows bug resurfaces 6 years later as working SYSTEM-level exploit

Nightmare-Eclipse’s Windows disclosure spree keeps growing: MiniPlasma is only the latest entry in what has become one of 2026’s most chaotic Windows disclosure runs.

The spree began with BlueHammer, a Windows Defender privilege escalation flaw later assigned CVE-2026-33825. That was followed by RedSun and UnDefend, two additional Windows privilege escalation and denial-of-service disclosures. Huntress later reported observing BlueHammer, RedSun, and UnDefend tooling during a real-world intrusion investigation related to suspicious VPN activity and hands-on-keyboard attacker behavior.

Earlier this month, Eclipse also released YellowKey and GreenPlasma. YellowKey allegedly bypasses TPM-only BitLocker protections by abusing Windows Recovery Environment behavior to gain shell access to encrypted drives, while GreenPlasma is another local privilege escalation technique aimed at achieving SYSTEM access.

It was during their follow-up investigation into the GreenPlasma technique that Eclipse ran into MiniPlasma. “After re-investigating the technique used in GreenPlasma (specifically SetPolicyVal), it turns out ‘cldflt!HsmOsBlockPlaceholderAccess’ is still vulnerable to the exact same issue that was reported to Microsoft 6 years ago,” Eclipse said.

The researcher reportedly disagreed with how Microsoft handled the BlueHammer disclosure, making their subsequent string of Windows vulnerability PoCs particularly interesting.

“Over the past several weeks, Nightmare-Eclipse has released a relentless string of zero-day/regression disclosures,” Sarkar pointed out. “The timing is a giveaway, the MiniPlasma was released on May 13, 2026, exactly one day after Microsoft’s May Patch Tuesday cycle, ensuring defenders have no official vendor patch for weeks. But yes, that is exactly where microsegmentation integrated with existing EDR platforms helps.”

First seen on csoonline.com

Jump to article: www.csoonline.com/article/4172320/patched-windows-bug-resurfaces-6-years-later-as-working-system-level-exploit.html
