Nightmare-Eclipse Banned from GitHub and GitLab for Zero-Day Exploits
Severity: High (Score: 68.0)
Sources: Cybernews, Cybersecuritynews
Keywords: researcher, windows, rogue, security, github, anonymous, known
Summary
The anonymous security researcher known as Nightmare-Eclipse has been banned from both GitHub and GitLab due to the release of multiple unpatched Windows vulnerabilities. GitHub terminated the account on May 25, 2026, after the researcher disclosed six exploits, including critical privilege escalation vulnerabilities like BlueHammer and YellowKey. Microsoft accused the researcher of violating coordinated vulnerability disclosure practices, leading to a public feud. Following the GitHub ban, Nightmare-Eclipse moved to GitLab, where they continued to release exploits until being suspended on May 26, 2026. The researcher has threatened further disclosures, claiming Microsoft has left them with no choice. The situation has sparked significant backlash within the cybersecurity community, highlighting tensions between researchers and corporate entities over vulnerability disclosure practices.
Key Points:
- Nightmare-Eclipse released multiple unpatched Windows vulnerabilities, including BlueHammer.
- GitHub and GitLab both suspended the researcher within a week for disruptive activities.
- Microsoft accused the researcher of violating coordinated vulnerability disclosure practices.
Detailed Analysis
**Impact** Microsoft Windows users worldwide are affected by multiple critical unpatched zero-day vulnerabilities disclosed publicly. The exploits enable privilege escalation to SYSTEM level and full system control, impacting enterprise and consumer sectors reliant on Windows OS. The public release of these exploits increases the risk of widespread attacks and operational disruptions, particularly for organizations that delay patching. No specific data breach or exfiltration has been reported.

**Technical Details** The attacker, an anonymous researcher known as Nightmare-Eclipse, released six zero-day exploits targeting Windows privilege escalation, Windows Defender, and BitLocker encryption bypass. Notable exploits include BlueHammer (privilege escalation), YellowKey (privilege escalation violating coordinated disclosure), and a BitLocker bypass using a USB stick. One vulnerability exploited had remained unpatched for six years after initial reporting by Google. The exploits were hosted on GitHub and later moved to GitLab after account suspensions. No CVE identifiers or IOCs were provided in the articles.

**Recommended Response** Organizations should prioritize applying all recent Microsoft security patches addressing privilege escalation and Windows Defender vulnerabilities. Monitoring for unusual privilege escalation attempts and unauthorized USB device usage is advised. Security teams should track public exploit disclosures related to these zero-days and update detection rules accordingly. No specific IOCs or signatures are available from the sources to implement immediate blocking.
Source articles (2)
- Rogue security researcher banned on GitHub — Cybernews · 2026-05-25
  GitHub has terminated the account of “Nightmare-Eclipse,” an anonymous rogue security researcher known for dropping critical unpatched Windows vulnerabilities since Microsoft left them “homeless with…
- GitLab Suspends Windows Exploit Researcher Nightmare — Cybersecuritynews · 2026-05-27
  The anonymous researcher known as Nightmare-Eclipse has been blocked from two major code-hosting platforms in less than a week, as their disruptive public zero-day campaign against Microsoft draws ser…
Timeline
- 2026-04-02 — First zero-day exploit released: Nightmare-Eclipse disclosed BlueHammer, a critical privilege escalation exploit for Windows.
- 2026-05-25 — GitHub bans Nightmare-Eclipse: GitHub terminated the account of Nightmare-Eclipse after the researcher released multiple exploits.
- 2026-05-26 — GitLab suspends Nightmare-Eclipse: GitLab suspended the account of Nightmare-Eclipse following the GitHub ban and ongoing exploit releases.
- 2026-05-27 — Community backlash grows: The actions against Nightmare-Eclipse have sparked significant backlash in the cybersecurity community.
Related entities
- Zero-day Exploit (Attack Type)
- GitHub (Platform)
- GitLab (Platform)
- BitLocker (Platform)
- Windows (Platform)
- Windows Defender (Platform)
- Google (Company)
- Microsoft (Company)
- CWE-269 - Improper Privilege Management (CWE)
- T1068 - Exploitation for Privilege Escalation (MITRE ATT&CK)
- BlueHammer (Vulnerability)
- YellowKey (Vulnerability)