CRITICALZero Day
Global

Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation

·Source: The Hacker News

Updated:

Executive Summary

An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework (CTFMON). The security defects have been codenamed YellowKey and GreenPlasma, respectively, by the researcher, who goes by the online aliases Chaotic Eclipse

Analysis

An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework (CTFMON). The security defects have been codenamed YellowKey and GreenPlasma, respectively, by the researcher, who goes by the online aliases Chaotic Eclipse
Source Attribution

Originally published by The Hacker News on May 14, 2026.

Related Threats

CRITICALZero Day

New Cisco SD-WAN Zero-Day Grants Admin Access

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/new-cisco-sd-wan-zero-day-grants-admin-access-image_small-6-a-31708.jpg" align=right hspace=4><b>Broken vdaemon Peering Authentication Enables Unauthenticated Admin Access</b><br>A maximum-severity vulnerability in Cisco Catalyst SD-WAN Controller is being actively exploited, giving attackers administrative privileges without auth

Bank Info Security
CRITICALZero Day

Exchange Server zero-day vulnerability can be triggered by opening a malicious email

A newly discovered zero-day vulnerability in Microsoft Exchange Server has experts declaring an emergency and urging CSOs to think about the need to abandon on-premises email solutions. “Because it’s already being exploited in the wild, this isn’t a ‘patch next week situation; it’s a ‘mitigate right now’ emergency,” warned Rob Enderle of the Enderle Group. “This is another reminder to find a trust

CVE-2026-42897
CSO Online
CRITICALZero Day

Microsoft Exchange, Windows 11 hacked on second day of Pwn2Own

​During the second day of Pwn2Own Berlin 2026, competitors collected $385,750 in cash awards after exploiting 15 unique zero-day vulnerabilities in multiple products, including Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux for Workstations. [...]

BleepingComputer