Overview
- A researcher using the names Chaotic Eclipse and Nightmare Eclipse publicly released proof-of-concept code for six zero-day flaws in Windows Defender, BitLocker and the Cloud Filter driver over the past six weeks, and Microsoft published a formal condemnation on Wednesday.
- Three of the disclosed bugs — BlueHammer, RedSun and UnDefend — were observed exploited in the wild after public release, prompting emergency mitigations from Microsoft and CISA listings for the affected flaws.
- Microsoft disabled the researcher’s MSRC, GitHub and GitLab accounts and said its Digital Crimes Unit may pursue legal referrals, while the researcher denies being ignored, says reporting channels were closed, and has threatened another release on July 14.
- Leading security figures warned that invoking criminal investigation risks chilling legitimate research, and experts say the incident highlights pressure on the coordinated vulnerability disclosure model as AI and higher bug volumes shorten patch windows.
- Several disclosed flaws, including YellowKey, GreenPlasma and MiniPlasma, remain without fixes, forcing security teams to deploy ad hoc mitigations and detection rules now and to prepare for further weaponized releases.