[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fAQmjOOwJgr97uX4PKDApmVBCz-L9k2AWeLNBZFPXnnM":3},{"article":4,"iocs":52},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":32,"category":33,"article_tags":36},"05fa7c87-41da-4a4e-8fcb-ab98957ed79a","Zero-Day Exploit Against Windows BitLocker - Schneier on Security","zero-day-exploit-against-windows-bitlocker-schneier-on-security-8410d7","It&#8217;s nasty, but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft provides to make disk contents off-limits to anyone without the decryption key, which is stored in a secured piece of hardware known as a trusted platform module (TPM). BitLocker is a mandatory protection for many organizations, including those that contract with governments...","A zero-day exploit named YellowKey, published by researcher Nightmare-Eclipse, reliably bypasses BitLocker encryption on default Windows 11 deployments by circumventing the TPM-based key storage mechanism. While the exploit requires physical access to the target computer, it poses a significant threat to organizations where BitLocker is mandatory, including government contractors. The vulnerability undermines a key security control designed to protect sensitive data at rest.","YellowKey zero-day exploit bypasses Windows 11 BitLocker encryption with physical access","Zero-Day Exploit Against Windows BitLocker It’s nasty, but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft provides to make disk contents off-limits to anyone without the decryption key, which is stored in a secured piece of hardware known as a trusted platform module (TPM). BitLocker is a mandatory protection for many organizations, including those that contract with governments. Slashdot thread. And here’s Nightmare-Eclipse’s GitHub account. Tags: BitLocker, exploits, Windows, zero-day Posted on May 18, 2026 at 7:08 AM • 13 Comments","https:\u002F\u002Fwww.schneier.com\u002Fblog\u002Farchives\u002F2026\u002F05\u002Fzero-day-exploit-against-windows-bitlocker.html",null,"2026-05-18T11:08:38+00:00","2026-05-18T12:00:09.47+00:00",9,[18,21,24,26,29],{"name":19,"type":20},"Nightmare-Eclipse","threat_actor",{"name":22,"type":23},"BitLocker","product",{"name":25,"type":23},"Windows 11",{"name":27,"type":28},"Microsoft","vendor",{"name":30,"type":31},"Trusted Platform Module (TPM)","technology","574f766a-fb3f-487c-8d2c-0720ae75471b",{"id":32,"icon":13,"name":34,"slug":35},"Zero-day","zero-day",[37,42,47],{"category":38},{"id":39,"icon":13,"name":40,"slug":41},"0493c7e9-989a-4692-b4e6-136f5ec09675","Cryptography","cryptography",{"category":43},{"id":44,"icon":13,"name":45,"slug":46},"80544778-fabb-4dcd-aa35-17492e5dcf4f","Vulnerabilities","vulnerabilities",{"category":48},{"id":49,"icon":13,"name":50,"slug":51},"c5eccf7c-abbc-4bd3-bbed-e6da5cba8e73","Incident Response","incident-response",[53],{"type":54,"value":55,"context":56},"malware","YellowKey","Zero-day exploit targeting Windows 11 BitLocker encryption bypass"]