Researcher Discloses Six Zero-Day Vulnerabilities in Windows Components

A researcher known as Chaotic Eclipse (also called Nightmare-Eclipse) publicly disclosed six unpatched zero-day vulnerabilities in Windows components, including Microsoft Defender and BitLocker, over the past month without prior warning. Microsoft criticized the disclosures as irresponsible, while the researcher claimed Microsoft had previously ignored their reports. Three of the vulnerabilities are now being actively exploited in the wild. No specific CVE identifiers, technical details, or exact exploitation dates were provided in the report. The impacted software includes core Windows security features, though the full scope of affected versions remains unclear.