A single researcher has dropped six Windows zero-days in six weeks. Three now power real attacks. And the feud shows no sign of cooling. Nightmare-Eclipse, who also posts as Chaotic Eclipse and Dead Eclipse, released proof-of-concept code for flaws touching Windows Defender, BitLocker, and core system components. The first exploit, BlueHammer, hit GitHub on April 3, 2026. Others followed quickly. Attackers wasted little time. BlueHammer, RedSun, and UnDefend entered active exploitation soon after publication, according to Barracuda Networks and Huntress Labs reporting. CISA added some to its Known Exploited Vulnerabilities catalog. Patching windows shrank from days to hours. Microsoft pushed back this week. In a blog post the company stressed that none of the six bugs — RedSun (CVE-2026-41091), UnDefend (CVE-2026-45498), BlueHammer (CVE-2026-33825), YellowKey (CVE-2026-45585), GreenPlasma, and MiniPlasma — reached its official channels before public release.…