A single security researcher has upended assumptions about coordinated disclosure. In just six weeks this researcher, known as Nightmare-Eclipse or Chaotic Eclipse, dropped working proof-of-concept code for six Windows vulnerabilities. Three saw immediate use in real intrusions. Microsoft calls the actions irresponsible. The researcher says Redmond started the fight. The Grudge That Launched a Campaign Nightmare-Eclipse claims prior attempts to report flaws through official channels ended in dismissal, account deletion and public humiliation. “I never wanted to reopen a blog and a new github account to drop code,” the researcher wrote on a personal blog. “But someone violated our agreement and left me homeless with nothing.” That personal stake turned technical. Starting in early April 2026 the researcher released exploits one after another. BlueHammer. RedSun. UnDefend. Then YellowKey, GreenPlasma and MiniPlasma. Some targeted Windows Defender itself. Others hit BitLocker or privilege boundaries.…