🔴 A disgruntled researcher just dropped two more unpatched Windows zero-days… and has threatened more are coming

Do you remember BlueHammer, RedSun, and UnDefend? All Windows Defender exploits dropped by an anonymous researcher called Nightmare-Eclipse earlier this year. They were exploited in real attacks within days of publication.

This week Nightmare-Eclipse dropped two more unpatched zero-days: YellowKey and GreenPlasma.

YellowKey allows an attacker with physical access to a Windows 11 or Server 2022/2025 machine to bypass BitLocker encryption entirely. Plug in a USB drive, reboot into Windows Recovery Environment, enter a key sequence, and unrestricted access to the supposedly encrypted volume is granted. Independent security researcher Kevin Beaumont confirmed the exploit works. BleepingComputer

GreenPlasma is a privilege escalation flaw that hands system-level access to unprivileged users. The PoC is incomplete but security researchers say it’s enough of a starting point for a determined attacker to finish the job.

No patches yet. The researcher has claimed a “dead man’s switch” with more exploits ready to publish. Microsoft has not yet commented on the specific exploits. The Register

For clients with laptops, BitLocker alone is no longer sufficient. A PIN requirement on top of BitLocker is the recommended mitigation for YellowKey right now.

🟡 The most comprehensive snapshot of the MSP market just dropped. And the AI revenue gap is widening

GTIA published its State of the Channel 2026 global report this week, and of course, the headline is about AI. GTIA

AI is already generating meaningful revenue for a significant portion of MSPs.

• In the UK and Ireland, over a third of providers report that between 11% and 25% of their revenue now comes from AI-related products and services

• In North America, a quarter of MSPs self-identify as AI-driven, and are already generating AI revenue.

The gap between those MSPs and the ones still figuring out where AI fits is starting to widen. The report is free to access for GTIA members.

🟢 Someone just recovered $400,000 in Bitcoin they'd locked themselves out of 11 years ago. The story involves AI, an old college computer, and a very rude password

In 2015, a college student bought Bitcoin at $250 a coin, changed their wallet password while drunk, and immediately forgot what they’d typed.

The wallet sat untouched for over eleven years while they tried approximately 7 trillion password combinations across multiple recovery tools. Nothing worked.

In a last-ditch effort recently, they dumped the entire contents of an old college computer into Claude. Which found a forgotten wallet backup file predating the password change, identified a bug in the recovery tool that had been silently blocking every previous attempt, and fixed it.

The wallet unlocked. And five Bitcoin, now worth approximately $400,000, were recovered. What a story! Tom’s Hardware (fair warning: this contains some fruity language)

Hooray! We made it through to the weekend. Have a great one. We’ll be back in your inbox on Monday morning.