Skip to content
Cyvex Security

Researcher Drops YellowKey, GreenPlasma Windows Zero-Days

YellowKey is a BitLocker bypass that requires physical access. GreenPlasma enables elevation of privileges to System. The post Researcher Drops YellowKey, GreenPlasma Windows Zero-Days appeared first on SecurityWeek.

A disgruntled security researcher this week publicly disclosed two zero-day vulnerabilities in Windows that enable BitLocker bypass and privilege escalation.

BitLocker, Windows’ built-in full-volume encryption feature, relies on TPM (Trusted Platform Module) to deliver hardware-based security, protecting users’ data from unauthorized access if the device is stolen or lost.

On Tuesday, a cybersecurity researcher known as Chaotic Eclipse and Nightmare Eclipse published proof-of-concept (PoC) code that allows an attacker with physical access to a machine running Windows 11 to bypass BitLocker and gain unrestricted access to the storage volume. The exploit has been dubbed YellowKey.

Source: https://www.securityweek.com/researcher-drops-yellowkey-greenplasma-windows-zero-days/

Related breach coverage

  • Researchers uncover YellowKey and GreenPlasma Windows Zero-Days
    2026-05-15

    Researchers disclosed two new Windows zero-days named YellowKey and GreenPlasma affecting BitLocker and the CTFMON framework. A security researcher known as Chaotic Eclipse, also called Nightmare-Eclipse, disclosed two new Windows zero-day vulnerabilities named YellowKey and GreenPlasma. The flaws affect BitLocker and the Windows Collaborative Translation Framework (CTFMON). YellowKey could allow attackers to bypass BitLocker protections, […]

  • Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE
    2026-05-18

    The researcher dropped the MiniPlasma exploit that uses the original proof-of-concept (PoC) code targeting the bug. The post Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE appeared first on SecurityWeek.

  • Akamai to Acquire AI and Browser Security Firm LayerX for $205 Million
    2026-05-14

    The acquisition enables Akamai to expand its Zero Trust portfolio to add protection directly into the browser. The post Akamai to Acquire AI and Browser Security Firm LayerX for $205 Million appeared first on SecurityWeek.

  • Hackers Earn $1.3 Million at Pwn2Own Berlin 2026 
    2026-05-18

    Participants demonstrated exploits for Windows, Linux, VMware, Nvidia, and AI products. The post Hackers Earn $1.3 Million at Pwn2Own Berlin 2026  appeared first on SecurityWeek.