Vengeful researcher repeats Microsoft Patch Tuesday sucker punch, posts new RoguePlanet exploit on GitHub


Just hours after Microsoft’s June 2026 Patch Tuesday rollout, the big tech firm’s nemesis, a security researcher known as Nightmare Eclipse, published a new Windows zero-day exploit on GitHub, a platform from which the researcher had previously and very publicly been banned.


According to details published by Nightmare Eclipse, the zero-day, dubbed RoguePlanet, targets Microsoft Defender and allegedly works against fully patched Windows 10 and Windows 11 systems.


The exploit, which is bound to escalate an already bitter public feud between the researcher and Microsoft, allows an attacker to exploit a flaw in Microsoft Defender and gain System-level access – the highest level of privilege in Windows.

A successful attack would give a malicious user near-complete control over the affected computer.

According to the so-called “vengeful researcher,” RoguePlanet was initially capable of allowing hackers to remotely take over a computer.

Microsoft’s changes to Defender appear to have blocked that attack path, so the published exploit now focuses on giving attackers full control of a computer they already have access to – an effort that the researcher complained, “drained my soul.”

ThreatLocker verifies the exploit

The exploit’s legitimacy has been independently verified by US-based security firm ThreatLocker, which confirmed its intelligence team successfully reproduced the attack shortly after publication.


The company added that its Application Allowlisting controls blocked the exploit by default and said it was continuing to assess the wider impact.

Vengeful Tuesday

For the third month in a row, the disgruntled researcher timed the disclosure to coincide with Microsoft’s Patch Tuesday release, which saw fixes published for two vulnerabilities previously disclosed by Nightmare Eclipse.

The first, GreenPlasma (CVE-2026-45586), is a local privilege escalation flaw Microsoft said was likely exploitable. The second, MiniPlasma (CVE-2020-17103), is described by Microsoft as a regression of an older vulnerability first addressed in 2020, meaning the issue associated with it either reappeared or was never fully addressed.

Posting on X as Chaotic Eclipse on Wednesday, the researcher appeared to goad the big tech firm, sharing Microsoft’s monthly update, with the comment “Someone tell Microsoft they forgot to add RoguePlanet.”

Microsoft has yet to release patches for other vulnerabilities disclosed by Nightmare Eclipse, which appear to cover every color under the rainbow, including the BlueHammer, RedSun, GreenPlasma, and YellowKey flaws.

One person's freedom fighter….

Nightmare Eclipse’s psycho-drama with Microsoft has divided security researchers. Supporters regard the anonymous researcher as a “Mr. Robot” style whistleblower exposing weaknesses and challenging a powerful corporation that, they claim, left them “homeless with nothing.”

Some regard Nightmare Eclipse as a researcher challenging powerful firms; others believe their vengefulness places them in the same category as a threat actor. Image by Cybernews.

However, some security researchers working for larger security firms, such as Barracuda, have labeled Nightmare Eclipse as a malicious actor conducting a retaliatory campaign against Microsoft, arguing that the repeated release of working zero-days has already contributed to real-world attacks.

Banned from repos

The dispute has also spilled onto code hosting platforms: after a series of public exploit releases, repos linked to Nightmare Eclipse were removed from GitHub and later GitLab.

The researcher responded by creating an independent hosting infrastructure while continuing to distribute code through alternative platforms.


A new GitHub repository hosting RoguePlanet has since appeared, although the researcher wrote in a blog published Tuesday that it might only be a matter of time before that account is removed as well.

