Home · Live brief · Weekly 2026-W22
Chaotic Eclipse / Nightmare Eclipse — MiniPlasma confirmed SYSTEM on a fully-patched Windows 11; sixth zero-day in six weeks
Entities: Nightmare Eclipse
Part of run 2026-W22-da77963d (weekly · Claude Opus 4.8)
The Windows zero-day cluster carried a material technical update beyond the 2026-05-30 daily. MiniPlasma — the sixth zero-day the "Chaotic Eclipse" researcher has dropped in six weeks — is a local privilege escalation in the Windows Cloud Filter driver (cldflt.sys) that reuses CVE-2020-17103, the researcher claiming the 2020 patch was incomplete or partially reverted. ThreatLocker independently confirmed MiniPlasma achieves SYSTEM on a fully-patched Windows 11 running the May 2026 cumulative update — i.e. there is no configuration that closes it today. Three earlier drops in the series (BlueHammer, RedSun, UnDefend) have been observed in real attacks. Microsoft's DCU has called the uncoordinated releases "never justifiable" but has shipped no out-of-band fix; June 10 Patch Tuesday is the first fix opportunity (. Until then, treat any cldflt.sys-adjacent LPE as live.