Nightmare-Eclipse (Chaotic Eclipse) is a malicious actor driven by a personal grievance against Microsoft.
The exploits published by this threat actor have been observed in threat activity linked to Russian-geolocated infrastructure.
Defenders should prioritize patching CVE-2026-33825, hardening BitLocker and layering network detection and identity controls that operate independently of the compromised endpoint.
…
Personal grievance. Claims Microsoft violated an agreement and “left me homeless with nothing.” No evidence of financial motive or nation-state affiliation.
Could I get some context please?
Sure!
https://blog.barracuda.com/2026/05/19/nightmare-eclipse-zero-days-grudge
TLDR from the link:
Not really. They reported the bug properly, Microslop hasn’t upholded the contract, so they aren’t going to uphold their end either.
Thank you for filling me in.
I think it’s this: https://www.darkreading.com/vulnerabilities-threats/nightmare-eclipse-microsoft-exploit-rogueplanet