Tensions Archives

Winsage

June 10, 2026

Windows 11’s June update shuts down an intentional BitLocker backdoor with full file access

Microsoft addressed three zero-day vulnerabilities identified by security researcher Nightmare-Eclipse, named YellowKey, GreenPlasma, and MiniPlasma. The YellowKey vulnerability allows access to BitLocker-protected drives on Windows 11 using a USB key, leading to allegations that Microsoft may have left a backdoor in BitLocker. Microsoft implemented a mitigation strategy included in the June 2026 Patch Tuesday updates, which addressed over 200 security flaws. Tensions arose between Microsoft and Nightmare-Eclipse regarding vulnerability reporting protocols and researcher compensation, with Microsoft initially threatening legal action against the researcher. Following backlash, Microsoft retracted the threat but tensions persisted. Nightmare-Eclipse claimed retaliation from Microsoft, including the banning of their GitHub account and deletion of their Microsoft account, which Microsoft denied. The situation highlights the ongoing challenges in cybersecurity and the relationship between tech companies and security researchers.

Winsage

June 10, 2026

Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows

An anonymous researcher known as Chaotic Eclipse has released a proof-of-concept exploit called RoguePlanet, targeting a zero-day vulnerability in Microsoft Defender. The exploit, which is a race condition, has a variable success rate, achieving 100% success on some machines while being less effective on others. When successful, it grants attackers SYSTEM-level privileges on Windows 10 and 11 systems with the June 2026 Patch Tuesday updates. The exploit does not work on Windows Server due to restrictions on mounting ISO images. Chaotic Eclipse has criticized Microsoft's defenses against path redirection attacks and claims to have found multiple vulnerabilities within Defender and other Microsoft software components. The researcher has expressed dissatisfaction with Microsoft's handling of vulnerability disclosures, particularly after losing access to the Microsoft Security Response Center account. Microsoft has condemned the public disclosure of vulnerabilities as unjustifiable, stating it puts customers at unnecessary risk, and has removed Chaotic Eclipse's GitHub and GitLab accounts. Microsoft clarified that it does not intend to pursue legal action against individuals conducting security research but will collaborate with law enforcement against malicious activities.

AppWizard

June 4, 2026

Apple Removes Russian State-Backed Max Messenger From App Store Amid Spyware Questions

Apple has removed the Russian state-backed messaging application, Max, from its App Store, stopping new downloads of the platform. VK, the developer of Max, confirmed this action and stated that existing users can still use the app. VK is seeking clarification from Apple and advising users to consider alternative download options. Earlier, Cloudflare had flagged Max's domain as spyware, a designation that was later lifted. The removal of Max follows a similar action against another VK service, Telega, which Apple removed after Cloudflare identified its domains as spyware. Concerns about Max's functionality as a surveillance tool have been raised, with reports of hidden features such as remote microphone recording and contact list harvesting. Since September 2025, Max has been preinstalled on new smartphones sold in Russia.

AppWizard

June 2, 2026

Valve reportedly threatened Ubisoft with a total delisting of Rainbow Six Siege “by end of day tomorrow” when it tried selling it cheaper on Uplay

A recent study found that 72% of game developers view Steam as a monopoly. Valve allegedly threatened to delist Ubisoft's Rainbow Six Siege after the company promoted a cheaper bundle on its own Uplay storefront. Warner Bros. Games also faced scrutiny from Valve due to sales strategies that did not meet the company's expectations. These incidents are part of an ongoing class-action antitrust lawsuit against Valve.

AppWizard

May 30, 2026

The remarkable story of Unreal 2, the sequel rescued from development hell by dooming it to failure: ‘There was just no way we could succeed’

Weird Weekend is a feature celebrating PC gaming oddities. Unreal 2 was highly anticipated following the success of the original Unreal, which revolutionized first-person shooters. The sequel promised a cinematic campaign, dynamic factions, and advanced multiplayer, developed by Legend Entertainment under Glen Dahlgren and Mike Verdu. Verdu faced personal challenges that complicated project management, leading to strained team dynamics and internal conflicts. After taking control, Dahlgren inherited a troubled project that was behind schedule and faced technical challenges. The game launched on February 4, 2003, receiving mixed reviews due to the lack of multiplayer and a short campaign, ultimately leading to Legend Entertainment's closure in January 2004. Both Dahlgren and Verdu acknowledge the project's shortcomings, but Unreal 2 has gained a more favorable reputation over time.

Winsage

May 28, 2026

“I have proof for every single word”: This security researcher’s GitHub and Microsoft accounts were deleted after claiming a Windows 11 exploit in BitLocker is by design

A zero-day exploit named YellowKey was revealed by a researcher known as "Chaotic Eclipse" or Nightmare-Eclipse, which allows access to BitLocker-protected drives on Windows 11 using a USB key. Microsoft acknowledged the vulnerability, tracked as CVE-2026-45585, and provided mitigation strategies. The researcher expressed frustration over Microsoft's handling of the situation, including the banning of their GitHub account and lack of communication regarding unpaid bounties from Microsoft's MSRC program, which offers rewards for reporting vulnerabilities. Nightmare-Eclipse hinted at having evidence to support their claims and indicated plans to release documents related to the issue.

Winsage

May 28, 2026

Microsoft’s GitHub bans security researcher who posted zero-day Windows exploits because company ‘ruined their life’ — expert claims action is vindictive and promises further retaliation

Researcher Nightmare-Eclipse, also known as Chaotic Eclipse, has had their GitHub account banned by Microsoft, leading them to move their operations to GitLab. Microsoft also deleted Eclipse's Microsoft account used for reporting vulnerabilities. Eclipse claims that they have not received any financial rewards from Microsoft's bug bounty program, despite having reported multiple zero-day vulnerabilities. They possess a portfolio of six zero-day exploits and have hinted at revealing more on July 14. Eclipse has criticized Microsoft for their handling of vulnerability reports and suggested that the company's recent requirement for video evidence of exploits has contributed to tensions. Microsoft has not commented on the specifics of the situation. Eclipse's zero-day exploits include BlueHammer, RedSun, UnDefend, GreenPlasma, MiniPlasma, and YellowKey, with BlueHammer, RedSun, and UnDefend confirmed as actively exploited in the wild.

AppWizard

May 19, 2026

Sony retreats from PC gaming, robbing us of maybe 4 games

Herman Hulst, the head of PlayStation, announced that single-player PlayStation titles will no longer be released on PC, marking a shift in the company's strategy. This decision comes as Sony focuses on boosting console sales amid declining interest in traditional gaming hardware. While multiplayer titles will still be available on PC, major action-adventure games from studios like Naughty Dog or Insomniac will require a PS5. Upcoming titles include Marvel's Wolverine and God of War: Sons of Sparta in 2026, and Ghost of Yōtei and Death Stranding 2 in 2025. The price of the PS5 has increased to 0, complicating the appeal of exclusive titles. Critics argue the perceived value of the PS5 is diminishing due to a lack of significant library expansion, while the PC gaming landscape continues to grow, with platforms like SteamOS and devices like the Steam Deck enhancing accessibility.

AppWizard

May 16, 2026

All-girls Kingsbridge Heights team shines in NYC Minecraft sustainability competition

A group of six fifth-grade girls from P.S. 86 Kingsbridge Heights School won the Bronx championship in the Minecraft Education “Battle of the Boroughs,” competing against 3,395 students from 679 teams. They reached the Mayor’s Cup Final, where they presented a design for a cleaner, safer version of the Hunts Point Food Distribution Center. The team utilized Microsoft’s MakeCode for coding and emphasized teamwork and communication during their project. Key roles included Leeah Gonzalez as the speaker, Yafatou Bayo as the primary coder, and Zurisadai Quiroga-Vazquez as the presenter. The girls created a virtual version of their school with sustainable features and prioritized accessibility. Their teacher noted significant personal growth among the girls throughout the competition.

AppWizard

May 16, 2026

Steampunk colony sim Steel Artery is here, and it’s “emergent chaos” aboard a giant train

Steel Artery is a train city-building simulation game set in a moving city called Steelpolis, developed by SoulAge23. It combines elements from colony simulation games and features fully autonomous citizens with their own needs and desires. Players manage the population, production chains, and resources while navigating challenges and social tensions. The game has stunning pixel artwork and offers a unique experience with each playthrough. It is available on Steam with an 89% positivity rate from initial reviews, highlighting its complexity and management challenges. The game is priced at .24 during a promotional period, with a 10% discount until May 22.