> TritonInfoSec News
Home / May 19, 2026 / Story
0
#5 Schneier on Security threat-intel May 18, 2026 at 11:08 UTC

Zero-Day Exploit Against Windows BitLocker

By Bruce Schneier

AI Summary

A researcher known as 'Nightmare-Eclipse' published the YellowKey exploit, which reliably bypasses BitLocker full-volume encryption on default Windows 11 deployments by extracting the decryption key stored in the TPM without requiring the user's PIN. The attack requires physical access to the target machine but works against standard TPM-only BitLocker configurations, which are the default for most enterprise deployments. Organizations relying solely on TPM-backed BitLocker without a PIN should treat this as a significant data-at-rest protection gap.

Read full article → https://www.schneier.com/blog/archives/2026/05/zer…

Relevance score: 85.0/100

# More from May 19

  1. 1
    CISA Admin Leaked AWS GovCloud Keys on Github Krebs on Security
  2. 2
    Microsoft Exchange Zero-Day Under Attack, No Patch Available Dark Reading
  3. 3
    Grafana Confirms Breach After Hackers Claim They Stole Data SecurityWeek
  4. 4
    MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems The Hacker News
  5. 6
    Exploitation of Critical NGINX Vulnerability Begins SecurityWeek
  6. 7
    Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026 BleepingComputer
  7. 8
    Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws The Hacker News
  8. 9
    Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware The Hacker News
  9. 10
    7-Eleven Data Breach Confirmed After ShinyHunters Ransom Demand SecurityWeek