---
title: "Disgruntled researcher releases two more Microsoft zero-days"
created: 2026-05-18
updated: 2026-05-18
type: article
platform: The Register
source_url: https://www.theregister.com/security/2026/05/13/disgruntled-researcher-releases-two-more-microsoft-zero-days/5239758/
tags: [vietnam, cloud-computing, government, data-sovereignty]
sha256: d569a6bfbda4d0d3745222edf04385af03b757ad671a8f0c4d2d52cda9c14119
---
# Disgruntled researcher releases two more Microsoft zero-days
Published Time: 2026-05-13T16:16:02.000Z
Markdown Content:
[Jump to main content](https://www.theregister.com/security/2026/05/13/disgruntled-researcher-releases-two-more-microsoft-zero-days/5239758/#main)
Search 
TOPICS
*   Security
    *   [All Security](https://www.theregister.com/security)
    *   [Cyber-crime](https://www.theregister.com/cyber_crime)
    *   [Patches](https://www.theregister.com/patches)
    *   [Research](https://www.theregister.com/research)
    *   [CSO](https://www.theregister.com/cso)
*   Off-Prem
    *   [All Off-Prem](https://www.theregister.com/off_prem)
    *   [Edge + IoT](https://www.theregister.com/edge_iot)
    *   [Channel](https://www.theregister.com/channel)
    *   [PaaS + IaaS](https://www.theregister.com/paas_iaas)
    *   [SaaS](https://www.theregister.com/saas)
*   On-Prem
    *   [All On-Prem](https://www.theregister.com/on_prem)
    *   [Systems](https://www.theregister.com/systems)
    *   [Storage](https://www.theregister.com/storage)
    *   [Networks](https://www.theregister.com/networks)
    *   [HPC](https://www.theregister.com/hpc)
    *   [Personal Tech](https://www.theregister.com/personal_tech)
    *   [Cx0](https://www.theregister.com/cxo)
    *   [Public Sector](https://www.theregister.com/public-sector)
*   Software
    *   [All Software](https://www.theregister.com/software)
    *   [AI + ML](https://www.theregister.com/ai_ml)
    *   [Applications](https://www.theregister.com/applications)
    *   [Databases](https://www.theregister.com/databases)
    *   [DevOps](https://www.theregister.com/devops)
    *   [OSes](https://www.theregister.com/oses)
    *   [Virtualization](https://www.theregister.com/virtualization)
*   Offbeat
    *   [All Offbeat](https://www.theregister.com/offbeat)
    *   [Columnists](https://www.theregister.com/columnists)
    *   [Science](https://www.theregister.com/science)
    *   [BOFH](https://www.theregister.com/bofh)
    *   [Legal](https://www.theregister.com/legal)
    *   [Bootnotes](https://www.theregister.com/bootnotes)
    *   [Site News](https://www.theregister.com/site_news)
    *   [About Us](https://www.theregister.com/about_us)
*   Special Features
    *   [All Special Features](https://www.theregister.com/tag/special_features)
    *   [HPE: AI Explainers](https://www.theregister.com/explainer/ai-explainer)
    *   [RSA Conference](https://www.theregister.com/special_features/rsa)
    *   [Agentic AI](https://www.theregister.com/special_features/agentic_ai)
    *   [The Future of the Datacenter](https://www.theregister.com/special_features/future_of_the_datacenter)
    *   [AWS:Reinvent](https://www.theregister.com/special_features/aws_reinvent)
    *   [Nvidia GTC](https://www.theregister.com/special_features/nvidia_gtc)
    *   [SC25](https://www.theregister.com/special_features/2025_11_sycomp_supercomputing)
    *   [Supercomputing Month](https://www.theregister.com/special_features/2025_11_supercomputing_month)
*   Vendor Voice
    *   [All Vendor Voice](https://vendorvoice.theregister.com/)
    *   [Infinidat](https://vendorvoice.theregister.com/infinidat/)
    *   [Everpure](https://vendorvoice.theregister.com/everpure/)
    *   [Rubrik](https://vendorvoice.theregister.com/rubrik/)
    *   [Make it real with Capgemini and AWS](https://vendorvoice.theregister.com/aws_capgemini/)
    *   [Money Movement Hub](https://vendorvoice.theregister.com/aws_fis/)
    *   [ZTE](https://vendorvoice.theregister.com/zte_news_and_stories/)
    *   [Nutanix: Scale Kubernetes. Not Chaos.](https://vendorvoice.theregister.com/nutantix_cloud_native_apps/)
    *   [AWS New Horizon](https://vendorvoice.theregister.com/aws_new_horizon/)
*   Resources
    *   [Intelligence](https://intelligence.theregister.com/)
    *   [Webinars & Events](https://intelligence.theregister.com/events/list/)
    *   [Newsletters](https://account.theregister.com/login?r=https%3A%2F%2Faccount.theregister.com%2Fedit%2Fnewsletter%2F)
Search 
[![Image 1: Go to frontpage. Logo, The Register](https://www.theregister.com/view-resources/dachser2/public/theregister/logo.svg)](https://www.theregister.com/)[![Image 2: Go to frontpage. Logo, The Register](https://www.theregister.com/view-resources/dachser2/public/theregister/logo.svg)](https://www.theregister.com/)[![Image 3: Go to frontpage. Logo, The Register](https://www.theregister.com/view-resources/dachser2/public/theregister/logo.svg)](https://www.theregister.com/)
*   [Sign in](https://account.theregister.com/login)
*   [Datacenter](https://www.theregister.com/tag/datacenter)
*   [Security](https://www.theregister.com/security)
*   [Microsoft](https://www.theregister.com/tag/microsoft)
*   [AWS](https://www.theregister.com/tag/aws)
*   [Developer](https://www.theregister.com/tag/developer)
*   [Open Source](https://www.theregister.com/tag/open%20source)
*   [IT Careers](https://www.theregister.com/tag/tech%20jobs)
*   [Columnists](https://www.theregister.com/tag/columnists)
*   [Who, Me?](https://www.theregister.com/tag/who%20me)
*   [On Call](https://www.theregister.com/tag/on%20call/)
REG AD
Security
# Mystery Microsoft bug leaker keeps the zero-days coming
Security pros warn YellowKey claim could make stolen laptops a much bigger problem
Connor Jones[Connor Jones](https://www.theregister.com/author/connor-jones)Cybersecurity reporter
Published wed 13 May 2026 // 17:16 UTC
[](https://www.facebook.com/sharer.php?u=https%3A%2F%2Fwww.theregister.com%2Fsecurity%2F2026%2F05%2F13%2Fdisgruntled-researcher-releases-two-more-microsoft-zero-days%2F5239758)[](https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.theregister.com%2Fsecurity%2F2026%2F05%2F13%2Fdisgruntled-researcher-releases-two-more-microsoft-zero-days%2F5239758)[](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.theregister.com%2Fsecurity%2F2026%2F05%2F13%2Fdisgruntled-researcher-releases-two-more-microsoft-zero-days%2F5239758)[](https://bsky.app/intent/compose?text=Mystery%20Microsoft%20bug%20leaker%20keeps%20the%20zero-days%20coming%0Ahttps%3A%2F%2Fwww.theregister.com%2Fsecurity%2F2026%2F05%2F13%2Fdisgruntled-researcher-releases-two-more-microsoft-zero-days%2F5239758)[](https://www.reddit.com/submit?url=https%3A%2F%2Fwww.theregister.com%2Fsecurity%2F2026%2F05%2F13%2Fdisgruntled-researcher-releases-two-more-microsoft-zero-days%2F5239758&title=Mystery%20Microsoft%20bug%20leaker%20keeps%20the%20zero-days%20coming)[](https://api.whatsapp.com/send?text=Mystery%20Microsoft%20bug%20leaker%20keeps%20the%20zero-days%20coming%0Ahttps%3A%2F%2Fwww.theregister.com%2Fsecurity%2F2026%2F05%2F13%2Fdisgruntled-researcher-releases-two-more-microsoft-zero-days%2F5239758)
The anonymous security researcher who has already maliciously exposed three Windows zero-days this year has revealed two more, dropping them just after Microsoft's monthly Patch Tuesday update.
Nightmare-Eclipse, or Chaotic Eclipse, depending on which of their aliases you prefer, released details about[YellowKey](https://github.com/Nightmare-Eclipse/YellowKey) and [GreenPlasma](https://github.com/Nightmare-Eclipse/GreenPlasma)- respectively a BitLocker bypass and a privilege escalation flaw, handing SYSTEM access to attackers.
Experts speaking to The Register warned that both vulnerabilities present serious security concerns, especially since Nightmare-Eclipse released substantial technical information about exploiting them.
REG AD
Nightmare-Eclipse described YellowKey as "one of the most insane discoveries I ever found." They provided the files, which have to be loaded onto a USB drive, and if the attacker completes the key sequence correctly, they are granted unrestricted shell access to a BitLocker-protected machine.
REG AD
When it comes to claims like these, we usually exercise some caution, as this bug requires physical access to a Windows PC. However, seeing that [BitLocker](https://www.theregister.com/security/2026/01/23/surrender-as-a-service-microsoft-unlocks-bitlocker-for-feds/4387769) acts as Windows' last line of defense for stolen devices, bypassing the technology grants thieves the ability to access encrypted files.
Rik Ferguson, VP of security intelligence at Forescout, said: "If [the researcher's claim] holds up, a stolen laptop stops being a hardware problem and becomes a breach notification."
Despite the physical access requirement, Gavin Knapp, cyber threat intelligence principal lead at Bridewell, told The Register that YellowKey remains "a huge security problem for organizations using BitLocker."
Citing information shared in cyber threat intelligence circles, he added that YellowKey can be mitigated by implementing a BitLocker PIN and a BIOS password lock.
Nightmare-Eclipse hinted at YellowKey also acting as a backdoor, allegedly injected by Microsoft, although the people we spoke to said this was impossible to verify based on the information available.
The researcher also published partial exploit code for GreenPlasma, rather than a fully formed proof of concept exploit (PoC).
Ferguson noted attackers need to take the code provided by the researcher and figure out how to weaponize it themselves, which is no small task: in its current state it triggers a UAC consent prompt in default Windows configurations, meaning a silent exploit remains a work in progress.
Knapp warned that these kinds of privilege escalation flaws are often used by attackers after they gain an initial foothold in a victim's system.
REG AD
"These elevation of privilege vulnerabilities are often weaponized during post-exploitation to enable threat actors to discover and harvest credentials and data, before moving laterally to other systems, prior to end goals such as data theft and/or ransomware deployment," he said.
## MORE CONTEXT
*   ### [Doozy of a Patch Tuesday includes 30 critical Microsoft CVEs](https://www.theregister.com/patches/2026/05/13/doozy-of-a-patch-tuesday-includes-30-critical-microsoft-cves/5239224)
*   ### [Microsoft's massive Patch Tuesday: It's raining bugs](https://www.theregister.com/security/2026/04/14/microsofts-massive-patch-tuesday-its-raining-bugs/5219841)
*   ### [Researchers claim Windows Defender can be fooled into deleting databases](https://www.theregister.com/security/2024/04/22/researchers-windows-defender-attack-can-delete-databases/319027)
*   ### [Surrender as a service: Microsoft unlocks BitLocker for feds](https://www.theregister.com/security/2026/01/23/surrender-as-a-service-microsoft-unlocks-bitlocker-for-feds/4387769)
"Currently, there is no known mitigation for GreenPlasma. It will be important to patch when Microsoft addresses the issue."
### Four, five… and more?
YellowKey and GreenPlasma are the latest in a series of five Microsoft zero-day bugs the researcher has exposed this year.
When Nightmare-Eclipse [released BlueHammer](https://www.theregister.com/security/2026/04/14/microsofts-massive-patch-tuesday-its-raining-bugs/5219841) (CVE-2026-32201, 6.5) - patched by Microsoft in April - they were described as a disgruntled researcher who has since been rumored to be a former Microsoft employee.
According to their maiden blog post under the Chaotic Eclipse alias, the bug leak began after an alleged violation of trust.
"I never wanted to reopen a blog and a new [GitHub](https://www.theregister.com/software/2026/04/29/mitchell-hashimoto-says-github-no-longer-for-serious-work/5227505) account to drop code," they wrote. "But someone violated our agreement and left me homeless with nothing. They knew this will happen and they still stabbed me in the back anyways, this is their decision not mine."
In early April, the researcher leaked proof-of-concept code for Windows Defender exploits they called RedSun and UnDefend - another admin privilege escalation bug and denial-of-service flaw, respectively - as well as BlueHammer.
REG AD
Both RedSun and UnDefend remain unfixed, and [according to Huntress](https://www.huntress.com/blog/nightmare-eclipse-intrusion), the proof-of-concept code released was quickly picked up and abused in real-world attacks.
Ferguson described the exposure of YellowKey and GreenPlasma as the latest in an escalating, retaliatory campaign against Microsoft, and warned of more coming.
"Prior releases include BlueHammer and RedSun, both of which attracted serious community attention and real forks," he said.
"The same post linking yesterday's releases warns of another Patch Tuesday surprise and hints at future RCE disclosures. They claim to have a dead man's switch with more ready to go. This researcher has followed through on every prior threat."®
[security](https://www.theregister.com/tag/security)[bitlocker](https://www.theregister.com/tag/bitlocker)[windows](https://www.theregister.com/tag/windows)[zero-day vulnerabilities](https://www.theregister.com/tag/zero-day%20vulnerabilities)[microsoft](https://www.theregister.com/tag/microsoft)
[](https://www.facebook.com/sharer.php?u=https%3A%2F%2Fwww.theregister.com%2Fsecurity%2F2026%2F05%2F13%2Fdisgruntled-researcher-releases-two-more-microsoft-zero-days%2F5239758)[](https://twitter.com/intent/tweet?url=https%3A%2F%2Fwww.theregister.com%2Fsecurity%2F2026%2F05%2F13%2Fdisgruntled-researcher-releases-two-more-microsoft-zero-days%2F5239758)[](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fwww.theregister.com%2Fsecurity%2F2026%2F05%2F13%2Fdisgruntled-researcher-releases-two-more-microsoft-zero-days%2F5239758)[](https://bsky.app/intent/compose?text=Mystery%20Microsoft%20bug%20leaker%20keeps%20the%20zero-days%20coming%0Ahttps%3A%2F%2Fwww.theregister.com%2Fsecurity%2F2026%2F05%2F13%2Fdisgruntled-researcher-releases-two-more-microsoft-zero-days%2F5239758)[](https://www.reddit.com/submit?url=https%3A%2F%2Fwww.theregister.com%2Fsecurity%2F2026%2F05%2F13%2Fdisgruntled-researcher-releases-two-more-microsoft-zero-days%2F5239758&title=Mystery%20Microsoft%20bug%20leaker%20keeps%20the%20zero-days%20coming)[](https://api.whatsapp.com/send?text=Mystery%20Microsoft%20bug%20leaker%20keeps%20the%20zero-days%20coming%0Ahttps%3A%2F%2Fwww.theregister.com%2Fsecurity%2F2026%2F05%2F13%2Fdisgruntled-researcher-releases-two-more-microsoft-zero-days%2F5239758)
REG AD
[![Image 4: https://www.shutterstock.com/image-photo/asterisk-star-key-on-phone-closeup-2375693827](https://image.theregister.com/5240190.jpg?imageId=5240190&panox=0.00&panoy=18.23&panow=100.00&panoh=63.55&heightx=0.00&heighty=0.00&heightw=100.00&heighth=100.00&width=960&height=432&format=webp&format=jpg) Storage ## Backup script ingested an accidental asterisk and deleted everything Letting a 21-year-old write critical code without supervision is not smart](https://www.theregister.com/storage/2026/05/18/backup-script-ingested-an-accidental-asterisk-and-deleted-everything/5240173)
[Cyber-Crime ## Grafana Labs admits all its codebase are belong to someone who popped its GitHub account No customer info stolen, no impact to operations, and no blackmail payment](https://www.theregister.com/cyber-crime/2026/05/18/grafana-labs-admits-attackers-downloaded-its-codebase-from-github/5241686)
## [ZTE showcases at GSMA M360 LATAM 2026, driving future business model restructuring - AI & network two-way integration AI-integrated networks can cut costs, boost 5G efficiency, and help regional telcos shift beyond basic connectivity](https://www.theregister.com/networks/2026/05/15/zte-showcases-at-gsma-m360-latam-2026-driving-future-business-model-restructuring-ai-network-two-way-integration/5240254)
[Personal Tech ## Samsung’s weather app sparks storm of controversy by handing territory to North Korea PLUS: China-linked cyber-attack on central Asian oil sector; Bottom falls out of Indian smartphone sales; And more!](https://www.theregister.com/personal-tech/2026/05/18/samsungs-weather-app-sparks-storm-of-controversy-by-handing-territory-to-north-korea/5241656)
[![Image 5](https://image.theregister.com/5240076.jpg?imageId=5240076&panox=0.00&panoy=0.00&panow=100.00&panoh=100.00&heightx=0.00&heighty=0.00&heightw=100.00&heighth=100.00&width=960&height=432&format=webp&format=jpg) PaaS + IaaS ## AWS to Quick admins: The access control didn't work, but you weren't using it anyway, so what's the problem? If a setting fails in the forest and nobody hears it ...](https://www.theregister.com/paas-and-iaas/2026/05/13/aws-patched-quick-auth-bypass-says-customers-werent-using-control/5240041)
[Security ## Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’ Multiple researchers using the same tools to find the same bugs are creating ‘unnecessary pain and pointless work’](https://www.theregister.com/security/2026/05/18/linus-torvalds-says-ai-powered-bug-hunters-have-made-linux-security-mailing-list-almost-entirely-unmanageable/5241633)
### MOST POPULAR
*   [![Image 6](https://image.theregister.com/5240227.jpg?imageId=5240227&x=0&y=13.49&cropw=100&croph=84.87&panox=0&panoy=13.49&panow=100&panoh=84.87&width=70&height=60)](https://www.theregister.com/ai-ml/2026/05/13/google-users-fight-for-refunds-as-unauthorized-api-usage-bills-soar/5239160)[AI + ML #### Google users fight for refunds as unauthorized API usage bills soar](https://www.theregister.com/ai-ml/2026/05/13/google-users-fight-for-refunds-as-unauthorized-api-usage-bills-soar/5239160) 
*   [![Image 7](https://image.theregister.com/5237766.jpg?imageId=5237766&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=70&height=60)](https://www.theregister.com/systems/2026/05/16/europe-built-sovereign-clouds-to-escape-us-control-then-forgot-about-the-processors/5237735)[Systems #### Europe built sovereign clouds to escape US control. Then forgot about the processors](https://www.theregister.com/systems/2026/05/16/europe-built-sovereign-clouds-to-escape-us-control-then-forgot-about-the-processors/5237735) 
*   [![Image 8](https://image.theregister.com/5238164.jpg?imageId=5238164&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=70&height=60)](https://www.theregister.com/security/2026/05/11/anthropics-bug-hunting-mythos-was-greatest-marketing-stunt-ever-says-curl-creator/5238111)[Security #### Anthropic’s bug-hunting Mythos was greatest marketing stunt ever, says cURL creator](https://www.theregister.com/security/2026/05/11/anthropics-bug-hunting-mythos-was-greatest-marketing-stunt-ever-says-curl-creator/5238111) 
*   [![Image 9](https://image.theregister.com/5238497.jpg?imageId=5238497&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=70&height=60)](https://www.theregister.com/networks/2026/05/12/veteran-network-architect-proposes-ipv8-to-improve-ipv4-not-leapfrog-v6/5238474)[Networks #### Veteran network architect proposes IPv8 – to improve IPv4, not leapfrog v6](https://www.theregister.com/networks/2026/05/12/veteran-network-architect-proposes-ipv8-to-improve-ipv4-not-leapfrog-v6/5238474) 
*   [![Image 10](https://image.theregister.com/5222020.jpg?imageId=5222020&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=70&height=60)](https://www.theregister.com/off-prem/2026/05/14/tencent-admits-gpus-only-pay-for-themselves-when-powering-personalized-ads/5240150)[Off-Prem #### Tencent admits GPUs only pay for themselves when powering personalized ads](https://www.theregister.com/off-prem/2026/05/14/tencent-admits-gpus-only-pay-for-themselves-when-powering-personalized-ads/5240150) 
## EVENTS
*   ### [The Hardware Crunch: How Supply Chain Turbulence Is Forcing a New IT Playbook Infrastructure teams are facing a perfect storm: extended hardware lead times, rising costs driven by AI demand, and accelerated platform timelines.](https://intelligence.theregister.com/paper/view/20113)
*   ### [From Prompt to Exploit: How LLMs Are Changing API Attacks Modern applications are API-driven, interconnected, and often over-permissioned, making them an ideal target for AI-assisted attacks.](https://intelligence.theregister.com/paper/view/20219)
*   ### [Identity Resilience: The New Mandate for Cyber Survival Join Druva experts for a compelling deep dive into what it takes to build an identity-first recovery strategy in this new threat landscape.](https://intelligence.theregister.com/paper/view/20091)
*   ### [Identity Resilience: The New Mandate for Cyber Survival Join Druva experts for a compelling deep dive into what it takes to build an identity-first recovery strategy in this new threat landscape.](https://intelligence.theregister.com/paper/view/20101)
*   ### [Unfriendly Followers: The Black Market For Your Identity They’ll reveal how attackers use your profile as intel and show you how to make yourself harder to target](https://intelligence.theregister.com/paper/view/20135)
*   ### [How Agents are Reshaping AI Security AI adoption is accelerating and with it comes a new security challenge.](https://intelligence.theregister.com/paper/view/20200)
*   ### [How Agents are Reshaping AI Security AI adoption is accelerating and with it comes a new security challenge.](https://intelligence.theregister.com/paper/view/20201)
*   ### [AI Found the Problem. Now What? AI is transforming the software development lifecycle, helping teams identify and remediate vulnerabilities before they reach production.](https://intelligence.theregister.com/paper/view/20158)
*   ### [Agentic AI at Scale: From Pilot to Production Join us to learn how to unlock real ROI by driving adoption of AI at scale.](https://intelligence.theregister.com/paper/view/20257)
[EXPLORE ALL OF OUR EVENTS](https://intelligence.theregister.com/events/list?_gl=1*8seb5h*_ga*NzgyNjE4NzEwLjE3NzExNzQ4MjA.*_ga_JXW44Y23NM*czE3NzY3NTY3MjIkbzEwNSRnMSR0MTc3Njc1Njg5NCRqOCRsMCRoMA..)
### [AI](https://beta.theregister.com/tag/ai)
*   [Personal Tech #### Samsung’s weather app sparks storm of controversy by handing territory to North Korea PLUS: China-linked cyber-attack on central Asian oil sector; Bottom falls out of Indian smartphone sales; And more!](https://www.theregister.com/personal-tech/2026/05/18/samsungs-weather-app-sparks-storm-of-controversy-by-handing-territory-to-north-korea/5241656)
*   [Security #### Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’ Multiple researchers using the same tools to find the same bugs are creating ‘unnecessary pain and pointless work’](https://www.theregister.com/security/2026/05/18/linus-torvalds-says-ai-powered-bug-hunters-have-made-linux-security-mailing-list-almost-entirely-unmanageable/5241633)
*   [AI + ML #### Surprise AI bills leave AWS and Google Cloud users aghast Stuck with an AI bill for tens of thousands of dollars? You're not alone by a long shot](https://www.theregister.com/ai-ml/2026/05/18/surprise-ai-bills-leave-aws-and-google-cloud-users-aghast/5241348)
*   [AI + ML #### Agent harnesses, like OpenClaw, are changing how we build and run AI models Ride your bots further by putting them in a harness](https://www.theregister.com/ai-ml/2026/05/17/how-ai-agent-harnesses-like-openclaw-are-changing-llms-inference-and-cpus/5241530)
*   [AI + ML #### Enough with the AI FOMO, go slow-mo, says Domo CDO You're not the only one annoyed by the hype](https://www.theregister.com/ai-ml/2026/05/17/enough-with-the-ai-fomo-go-slow-mo-says-domo-cdo/5240840)
### [Infosec](https://beta.theregister.com/security)
*   [Personal Tech #### Samsung’s weather app sparks storm of controversy by handing territory to North Korea PLUS: China-linked cyber-attack on central Asian oil sector; Bottom falls out of Indian smartphone sales; And more!](https://www.theregister.com/personal-tech/2026/05/18/samsungs-weather-app-sparks-storm-of-controversy-by-handing-territory-to-north-korea/5241656)
*   [Security #### Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’ Multiple researchers using the same tools to find the same bugs are creating ‘unnecessary pain and pointless work’](https://www.theregister.com/security/2026/05/18/linus-torvalds-says-ai-powered-bug-hunters-have-made-linux-security-mailing-list-almost-entirely-unmanageable/5241633)
*   [AI + ML #### Surprise AI bills leave AWS and Google Cloud users aghast Stuck with an AI bill for tens of thousands of dollars? You're not alone by a long shot](https://www.theregister.com/ai-ml/2026/05/18/surprise-ai-bills-leave-aws-and-google-cloud-users-aghast/5241348)
*   [AI + ML #### Agent harnesses, like OpenClaw, are changing how we build and run AI models Ride your bots further by putting them in a harness](https://www.theregister.com/ai-ml/2026/05/17/how-ai-agent-harnesses-like-openclaw-are-changing-llms-inference-and-cpus/5241530)
*   [AI + ML #### Enough with the AI FOMO, go slow-mo, says Domo CDO You're not the only one annoyed by the hype](https://www.theregister.com/ai-ml/2026/05/17/enough-with-the-ai-fomo-go-slow-mo-says-domo-cdo/5240840)
### [FOSS](https://beta.theregister.com/tag/FOSS)
*   #### [Backup script ingested an accidental asterisk and deleted everything Letting a 21-year-old write critical code without supervision is not smart](https://www.theregister.com/storage/2026/05/18/backup-script-ingested-an-accidental-asterisk-and-deleted-everything/5240173)
*   #### [Grafana Labs admits all its codebase are belong to someone who popped its GitHub account No customer info stolen, no impact to operations, and no blackmail payment](https://www.theregister.com/cyber-crime/2026/05/18/grafana-labs-admits-attackers-downloaded-its-codebase-from-github/5241686)
*   #### [Samsung’s weather app sparks storm of controversy by handing territory to North Korea PLUS: China-linked cyber-attack on central Asian oil sector; Bottom falls out of Indian smartphone sales; And more!](https://www.theregister.com/personal-tech/2026/05/18/samsungs-weather-app-sparks-storm-of-controversy-by-handing-territory-to-north-korea/5241656)
*   #### [Linus Torvalds says AI-powered bug hunters have made Linux security mailing list ‘almost entirely unmanageable’ Multiple researchers using the same tools to find the same bugs are creating ‘unnecessary pain and pointless work’](https://www.theregister.com/security/2026/05/18/linus-torvalds-says-ai-powered-bug-hunters-have-made-linux-security-mailing-list-almost-entirely-unmanageable/5241633)
*   #### [Surprise AI bills leave AWS and Google Cloud users aghast Stuck with an AI bill for tens of thousands of dollars? You're not alone by a long shot](https://www.theregister.com/ai-ml/2026/05/18/surprise-ai-bills-leave-aws-and-google-cloud-users-aghast/5241348)
*   #### [Agent harnesses, like OpenClaw, are changing how we build and run AI models Ride your bots further by putting them in a harness](https://www.theregister.com/ai-ml/2026/05/17/how-ai-agent-harnesses-like-openclaw-are-changing-llms-inference-and-cpus/5241530)
## [FEATURES](https://www.theregister.com/tag/features?_gl=1*esekfm*_ga*NzgyNjE4NzEwLjE3NzExNzQ4MjA.*_ga_JXW44Y23NM*czE3NzY3NTY3MjIkbzEwNSRnMSR0MTc3Njc1Njg5NCRqOCRsMCRoMA..)
*   [![Image 11](https://image.theregister.com/?imageId=5237766&panow=100&panoh=100&panoy=0&panox=0&heighty=0&heightx=0&heightw=100&heighth=100&width=530&height=238&format=webp)### Europe built sovereign clouds to escape US control. Then forgot about the processors](https://www.theregister.com/systems/2026/05/16/europe-built-sovereign-clouds-to-escape-us-control-then-forgot-about-the-processors/5237735)
*   [![Image 12](https://image.theregister.com/?imageId=5240833&panow=100&panoh=100&panoy=0&panox=0&heightx=0&heightw=100&heighth=100&heighty=0&width=530&height=238&format=webp)### Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data](https://www.theregister.com/cyber-crime/2026/05/14/security-pros-doubt-canvas-attackers-really-deleted-stolen-student-data/5240799)
*   [![Image 13](https://image.theregister.com/?imageId=5237381&panoy=0&panox=0&panow=100&panoh=100&heightw=100&heighth=100&heighty=0&heightx=0&width=530&height=238&format=webp)### Europe wants out from under US tech – but first it has to find the exits](https://www.theregister.com/public-sector/2026/05/11/europe-wants-out-from-under-us-tech-but-first-it-has-to-find-the-exits/5234898)
*   [![Image 14](https://image.theregister.com/?imageId=5219524&panoh=71.67&panoy=12.5&panox=0&panow=100&heighty=0&heightx=40.45&heightw=41.43&heighth=100&width=530&height=238&format=webp)### GNOME may rule Ubuntu Resolute Raccoon, but X.org isn't roadkill yet](https://www.theregister.com/oses/2026/05/06/gnome-may-rule-ubuntu-resolute-raccoon-but-xorg-isnt-roadkill-yet/5219477)
*   [![Image 15](https://image.theregister.com/?imageId=232540&width=530&height=238&format=webp)### OpenClaw, but in containers: Meet NanoClaw](https://www.theregister.com/software/2026/03/01/openclaw-but-in-containers-meet-nanoclaw/4932592)
*   [![Image 16](https://image.theregister.com/?imageId=4094240&width=530&height=238&format=webp)### Open source registries don't have enough money to implement basic security](https://www.theregister.com/security/2026/02/16/open-source-registries-underfunded-as-security-costs-rise/5168909)
*   [![Image 17](https://image.theregister.com/?imageId=4094152&width=530&height=238&format=webp)### Contain your Windows apps inside Linux Windows](https://www.theregister.com/software/2026/02/14/contain-your-windows-apps-inside-linux-windows/4334445)
*   [![Image 18](https://image.theregister.com/?imageId=253705&width=530&height=238&format=webp)### The Linux mid-life crisis that's an opportunity for Tux-led transformation](https://www.theregister.com/software/2026/02/09/linux-mid-life-crisis-a-tux-led-transformation-chance/4856690)
*   [![Image 19](https://image.theregister.com/?imageId=246863&width=530&height=238&format=webp)### Too much AI for some, too little for others: Why AMD can't win with investors](https://www.theregister.com/on-prem/2026/02/04/why-amds-q1-outlook-is-giving-wall-street-jitters/4464981)
*   [![Image 20](https://image.theregister.com/?imageId=226970&width=530&height=238&format=webp)### How agentic AI can strain modern memory hierarchies](https://www.theregister.com/special-features/2026/01/28/how-agentic-ai-strains-modern-memory-hierarchies/4429527)
✕
![Image 21: Logo](https://www.theregister.com/files/2025/10/15/The_register_full_icon_white.svg)
Biting the hand that feeds IT
## About Us
[Contact us](https://www.theregister.com/profile/contact)
[Advertise with us](https://situationpublishing.com/contact/)
[Who we are](https://www.theregister.com/profile/about_the_register)
## Our Websites
[The Next Platform](https://www.nextplatform.com/)
[DevClass](https://devclass.com/)
[Blocks and Files](https://blocksandfiles.com/)
[Situation Publishing](https://situationpublishing.com/)
## Your Privacy
[Cookies Policy](https://www.theregister.com/Profile/cookies)
[Privacy Policy](https://www.theregister.com/profile/privacy)
[Ts & Cs](https://www.theregister.com/profile/terms_and_conditions_of_use)
[Do not share my personal information](https://www.theregister.com/Profile/privacy_policy_california_residents/)
[Your Consent Options](https://www.theregister.com/profile/terms_and_conditions_of_use)
## Archives
[27 years of articles](https://www.theregister.com/archive)
![Image 22: Situation Publishing Logo](https://beta.theregister.com/files/2025/10/09/SituationPublishing_Logo_Evolution_Twolines-White-Barlow%20(1).svg)
Copyright. All rights reserved © 1998-2026.