Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

Microsoft criticized an uncoordinated disclosure by researcher 'Chaotic Eclipse' (aka Nightmare-Eclipse) who published multiple zero-day vulnerabilities affecting Windows components (including Defender and BitLocker) — several CVEs are listed (BlueHammer CVE-2026-33825, RedSun CVE-2026-41091, UnDefend CVE-2026-45498, YellowKey CVE-2026-45585, GreenPlasma, MiniPlasma). The report states BlueHammer, RedSun, and UnDefend are being actively exploited in the wild, proof-of-concept exploit code was posted publicly (subsequently removed/blocked on platforms), and the researcher has publicly threatened an additional release on July 14, 2026.