Researcher Drops YellowKey, GreenPlasma Windows Zero-Days
YellowKey is a BitLocker bypass that requires physical access. GreenPlasma enables elevation of privileges to System. The post Researcher Drops YellowKey, GreenPlasma Windows Zero-Days appeared first on SecurityWeek.
A disgruntled security researcher this week publicly disclosed two zero-day vulnerabilities in Windows that enable BitLocker bypass and privilege escalation.
BitLocker, Windows’ built-in full-volume encryption feature, relies on TPM (Trusted Platform Module) to deliver hardware-based security, protecting users’ data from unauthorized access if the device is stolen or lost.
On Tuesday, a cybersecurity researcher known as Chaotic Eclipse and Nightmare Eclipse published proof-of-concept (PoC) code that allows an attacker with physical access to a machine running Windows 11 to bypass BitLocker and gain unrestricted access to the storage volume. The exploit has been dubbed YellowKey.
Source: https://www.securityweek.com/researcher-drops-yellowkey-greenplasma-windows-zero-days/
Related breach coverage
- Hackers Targeted PraisonAI Vulnerability Hours After Disclosure2026-05-14
The first exploitation attempts were observed less than four hours after the authentication bypass was publicly disclosed. The post Hackers Targeted PraisonAI Vulnerability Hours After Disclosure appeared first on SecurityWeek.
- Webinar Today: ROI for Cyber-Physical Security Programs2026-05-13
This webinar will help OT security teams and asset owners stop being cost centers and start being resilience drivers. The post Webinar Today: ROI for Cyber-Physical Security Programs appeared first on SecurityWeek.
- Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises2026-05-13
CVE-2026-40361 is similar to a vulnerability found a decade ago, BadWinmail, which at the time was dubbed an “enterprise killer”. The post Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises appeared first on SecurityWeek.
- High-Severity Vulnerability Patched in VMware Fusion2026-05-14
The patch was announced as Broadcom is attending the Pwn2Own hacking competition in Berlin this week. The post High-Severity Vulnerability Patched in VMware Fusion appeared first on SecurityWeek.