eclipse Archives

AppWizard

June 4, 2026

Toy Story 2: Buzz Lightyear And More Classics Are Getting Remastered

Digital Eclipse is set to release a remastered collection titled Toy Story: Retro Roundup on October 15, featuring 11 games, including nine from the Toy Story series and two from A Bug’s Life, for consoles and PC. The collection includes titles such as Toy Story (1995), Toy Story 2: Buzz Lightyear to the Rescue! (1999), and A Bug’s Life (1998). Enhanced features will include improved rendering, gameplay rewind, and cheats, along with exclusive developer interviews and behind-the-scenes content. Additionally, Toy Story 3: Complete Edition will be released, offering updated visuals and new gameplay options. The collection will be available on PS5, PS4, Xbox Series X/S, Xbox One, Switch, Switch 2, and PC, with a bundle option for most platforms. There will be no physical release for Xbox.

AppWizard

June 2, 2026

Retro roguelike action game Dungeon Lurker announced for PC

13AM Games is developing a retro roguelike action game titled Dungeon Lurker, set to launch on PC via Steam in the first quarter of 2027. The game features dark horror themes and intense combat, with over 30 unique levels, dynamic real-time battles against various enemies, and a range of spells and potions for players to unlock. Players will explore a cursed dungeon, uncover hidden paths and collectible items, and upgrade their gear. The game includes a manual with additional secrets and culminates in a challenge against the DARKLORD. Trailers for the game are available for viewing.

Winsage

June 1, 2026

Windows Server vulnerability can grant system privileges with just a malformed packet — domain controllers are being exploited in the wild

Microsoft is facing scrutiny due to a critical remote execution vulnerability, CVE-2026-41089, rated at 9.8, affecting Windows Server domain controllers from version 2012 onward. This vulnerability allows unauthenticated users on the same network to send malformed UDP packets to a domain controller, potentially granting unauthorized system access or causing a reboot, leading to denial-of-service scenarios. The vulnerable service is Netlogon, and there are no immediate mitigations available; patches will be released on May 12. The vulnerability could allow attackers to create multiple accounts with various access levels, compromising the security of entire networks. Cybersecurity experts recommend patching all linked domain controllers simultaneously. The vulnerability is caused by a buffer overflow in the Netlogon service due to a field in a network packet exceeding its expected size. A GitHub repository exists with proof-of-concept code that can crash the LSASS service. Additionally, Microsoft is in conflict with security researcher Chaotic Eclipse, who has published zero-day exploits following a breakdown in negotiations.

Winsage

June 1, 2026

CISA gives Windows admins until June 3 to patch Nightmare Eclipse Defender flaws

Recent updates from CISA highlight critical vulnerabilities in Microsoft products, specifically CVE-2026-41091 and CVE-2026-45498. CVE-2026-41091 could allow attackers to execute arbitrary code, leading to unauthorized access and control over affected systems. CVE-2026-45498 may enable attackers to compromise system integrity, threatening sensitive data and operational continuity. Organizations using Microsoft products are urged to prioritize patching these vulnerabilities.

Winsage

June 1, 2026

Critical Windows Netlogon RCE flaw now exploited in attacks

The Centre for Cybersecurity Belgium (CCB) has warned about the exploitation of a critical vulnerability in Windows Netlogon, identified as CVE-2026-41089, which allows remote code execution on domain controllers without prior access or authentication. This vulnerability, characterized as a stack-based buffer overflow, was patched by Microsoft during the May 2026 Patch Tuesday. The CCB emphasized the urgency of patching vulnerable servers, noting that the vulnerability is actively being exploited. The CVSS score for this vulnerability is 9.8. Further details on the ongoing attacks have not been disclosed, and Microsoft has not updated its advisory on the vulnerability.

Winsage

May 31, 2026

Microsoft faces security community backlash over Nightmare Eclipse

Microsoft has enhanced its cybersecurity offerings through the integration of Microsoft Defender, which now features improved threat detection capabilities and artificial intelligence to predict and counteract potential threats. Additionally, Microsoft has partnered with Barracuda Network to provide a comprehensive suite of security features, including enhanced email security, advanced threat protection, and streamlined incident response, aimed at creating a fortified environment for businesses.

Winsage

May 29, 2026

Microsoft 0-day feud escalates as researcher threatens another Windows exploit dump

The conflict between Microsoft and security researcher Nightmare Eclipse has intensified, with Nightmare threatening to release vulnerabilities on July 14. Nightmare has disclosed six zero-day vulnerabilities affecting Windows, including BlueHammer, RedSun, UnDefend, YellowKey, GreenPlasma, and MiniPlasma. Microsoft responded by stating that these vulnerabilities were not reported through official channels before their disclosure. Following the release of exploit code for three vulnerabilities, attackers began exploiting them, raising concerns about YellowKey (CVE-2026-45585), which remains unfixed. Nightmare accused Microsoft of silencing them by deleting their MSRC account, leading to frustration over their treatment. The cybersecurity community has noted the significant damage caused by Nightmare, with comparisons to advanced persistent threat groups. Experts criticized Microsoft's handling of the situation, emphasizing the need for better communication and collaboration with researchers. They pointed out that the responsibility for vulnerabilities lies with Microsoft as the code's creator and highlighted the challenges in vulnerability disclosure practices within the industry.

Winsage

May 28, 2026

“I have proof for every single word”: This security researcher’s GitHub and Microsoft accounts were deleted after claiming a Windows 11 exploit in BitLocker is by design

A zero-day exploit named YellowKey was revealed by a researcher known as "Chaotic Eclipse" or Nightmare-Eclipse, which allows access to BitLocker-protected drives on Windows 11 using a USB key. Microsoft acknowledged the vulnerability, tracked as CVE-2026-45585, and provided mitigation strategies. The researcher expressed frustration over Microsoft's handling of the situation, including the banning of their GitHub account and lack of communication regarding unpaid bounties from Microsoft's MSRC program, which offers rewards for reporting vulnerabilities. Nightmare-Eclipse hinted at having evidence to support their claims and indicated plans to release documents related to the issue.

Winsage

May 28, 2026

Microsoft’s GitHub bans security researcher who posted zero-day Windows exploits because company ‘ruined their life’ — expert claims action is vindictive and promises further retaliation

Researcher Nightmare-Eclipse, also known as Chaotic Eclipse, has had their GitHub account banned by Microsoft, leading them to move their operations to GitLab. Microsoft also deleted Eclipse's Microsoft account used for reporting vulnerabilities. Eclipse claims that they have not received any financial rewards from Microsoft's bug bounty program, despite having reported multiple zero-day vulnerabilities. They possess a portfolio of six zero-day exploits and have hinted at revealing more on July 14. Eclipse has criticized Microsoft for their handling of vulnerability reports and suggested that the company's recent requirement for video evidence of exploits has contributed to tensions. Microsoft has not commented on the specifics of the situation. Eclipse's zero-day exploits include BlueHammer, RedSun, UnDefend, GreenPlasma, MiniPlasma, and YellowKey, with BlueHammer, RedSun, and UnDefend confirmed as actively exploited in the wild.

Winsage

May 25, 2026

Windows zero-days expose gaps in built-in security protections

Two Windows zero-day vulnerabilities, YellowKey and GreenPlasma, have been identified. YellowKey targets the Windows Recovery Environment (WinRE) on Windows 11 and Windows Server 2025, allowing attackers with physical access to bypass BitLocker protections using a USB device. GreenPlasma affects Windows 10, Windows 11, and Windows Server environments with active Collaborative Translation Framework Monitor (CTFMON) sessions, enabling local privilege escalation from a standard user account to SYSTEM-level privileges. Both vulnerabilities require either physical or local access to exploit. Microsoft has not yet released patches for these vulnerabilities, prompting organizations to enhance their security measures and operational resilience. Recommendations include reassessing physical security, limiting local administrative access, and implementing multifactor authentication and robust credential management practices.