ADVERTISEMENT

Nightmare-Eclipse vs Microsoft saga continues: vigilante kicked off GitLab following GitHub ban

The controversial security researcher known as Nightmare-Eclipse, who has been persistently releasing unpatched Windows zero-days as a vendetta against Microsoft, has been booted from GitLab just days after migrating from GitHub.

nightmare-eclipse

Image by Cybernews.

Ernestas Naprys
Ernestas Naprys Senior Journalist
May 27, 2026 Updated: 28 May 2026 2 min read

Listen to this article

0:00
0:00
gitlab
comments
ADVERTISEMENT

Who is Nightmare-Eclipse, and what have they done so far?

  1. BlueHammer: A Windows Defender local privilege escalation exploit that allowed attackers to run the included FunnyApp.exe, or compile their own version, and gain a Windows SYSTEM shell.
  2. RedSun: A similar exploit that was released immediately after Microsoft patched the first vulnerability, which also grants SYSTEM privileges.
  3. UnDefend: A Windows Defender disruption tool for stopping definition updates and causing denial of service. Defender can’t detect new threats while the system appears healthy.
  4. YellowKey: the “most insane” exploit, which completely bypasses BitLocker encryption using a USB stick.
  5. GreenPlasma: An incomplete privilege escalation vulnerability expanding beyond Defender flaws. It targets the CTFMON process, responsible for text input features and running as SYSTEM.
  6. MiniPlasma: another privilege escalation tool spawning SYSTEM shell. However, it exploits a 6-year-old flaw, originally identified by Google Project Zero, that hasn’t been patched, or the patch was rolled back.

ADVERTISEMENT