May 13, 2026
Patch Tuesday, Panic Wednesday
Mystery Microsoft bug leaker keeps the zero-days coming
A rogue bug-dropper just embarrassed Windows again — and the comments are spiraling
TLDR: An anonymous bug leaker exposed two more serious Windows flaws, including one that could let thieves get into encrypted laptops. The comments instantly split between conspiracy theories, anti-Microsoft rage, and people making very questionable jokes about unlocking old family computers.
Microsoft’s latest security headache isn’t just the two newly exposed flaws — it’s the absolute chaos in the comments after an anonymous researcher dropped them right after Patch Tuesday, the company’s monthly fix day. The leaker, going by Nightmare-Eclipse or Chaotic Eclipse, says one flaw, YellowKey, can help unlock a BitLocker-protected laptop with a USB stick and the right steps. The other, GreenPlasma, could help an attacker grab top-level control on a machine after they’re already inside. Security experts say this is serious stuff, especially because one of these bugs affects stolen laptops — in plain English, a lost device could turn into a full-on data disaster.
But the real fireworks came from the peanut gallery. One commenter immediately went full conspiracy mode, claiming the bugs “were most likely M$ backdoors” and demanding a whistleblower. Another took a much more chaotic approach: “Oh cool. My brother’s old laptop is locked. Maybe this will help,” which is the sort of joke that makes security people spill their coffee. Others dunked on Microsoft more broadly, with one person saying the BitLocker issue is a reminder not to trust “vendor provided encryption” for sensitive files. Even the GitHub repo caused side-eye, with complaints that viewing the BlueHammer code required a login. So while experts are talking mitigations and patch timelines, the crowd is busy arguing whether this is incompetence, conspiracy, or just another spectacular Windows mess.
Key Points
- •An anonymous researcher using the aliases Nightmare-Eclipse and Chaotic Eclipse disclosed two new alleged Windows zero-days, YellowKey and GreenPlasma, shortly after Microsoft's Patch Tuesday.
- •YellowKey is described as a BitLocker bypass requiring physical access and a USB drive, with experts warning it could expose data on stolen Windows devices.
- •GreenPlasma is described as a privilege-escalation flaw; only partial exploit code was released, and the current code triggers a UAC consent prompt in default configurations.
- •Security experts cited by the article said YellowKey may be mitigated with a BitLocker PIN and BIOS password lock, while no known mitigation was identified for GreenPlasma pending a Microsoft patch.
- •The article says these are the fourth and fifth Microsoft zero-days disclosed by the same researcher this year, following BlueHammer, RedSun, and UnDefend.