Researchers uncover YellowKey and GreenPlasma Windows Zero-Days

Related breach coverage

• Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix
  2026-05-18

  MiniPlasma: a Windows SYSTEM privilege escalation believed patched in 2020 (CVE-2020-17103) is still fully working on every patched Windows 11. Once again, security researcher Chaotic Eclipse has released a proof-of-concept exploit for a new Windows privilege escalation zero-day called MiniPlasma, which can grant attackers SYSTEM privileges on fully patched systems. The flaw affects “cldflt.sys,” the […]

• Researcher Drops YellowKey, GreenPlasma Windows Zero-Days
  2026-05-14

  YellowKey is a BitLocker bypass that requires physical access. GreenPlasma enables elevation of privileges to System. The post Researcher Drops YellowKey, GreenPlasma Windows Zero-Days appeared first on SecurityWeek.

• Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K
  2026-05-15

  Day two of Pwn2Own Berlin 2026 saw $385,750 earned for 15 zero-days, bringing the total to $908,750 and 39 vulnerabilities over two days. During the second day of Pwn2Own Berlin 2026, security researchers earned $385,750 after successfully demonstrating 15 unique zero-day vulnerabilities affecting products such as Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux […]

• Linux Kernel bug Fragnesia allows local root access attacks
  2026-05-14

  Fragnesia, a new Linux kernel flaw tracked as CVE-2026-46300, could let local attackers gain root access through page cache corruption. Researchers disclosed a new Linux kernel privilege escalation vulnerability named Fragnesia, tracked as CVE-2026-46300 (CVSS score of 7.8). The flaw affects the XFRM ESP-in-TCP subsystem and could allow local attackers to gain full root access […]