A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed “MiniPlasma” that lets attackers gain SYSTEM privileges on fully patched Windows systems.
The exploit was published by a researcher known as Chaotic Eclipse, or Nightmare Eclipse, who released both the source code and a compiled executable on GitHub after claiming that Microsoft failed to properly patch a previously reported 2020 vulnerability.
According to the researcher, the flaw impacts the ‘cldflt.sys’ Cloud Filter driver and its ‘HsmOsBlockPlaceholderAccess’ routine, which was originally reported to Microsoft by Google Project Zero researcher James Forshaw in September 2020.
At the time, the flaw was assigned the CVE-2020-17103 identifier and reportedly fixed in December 2020.
“After investigating, it turns out the exact same issue that was reported to Microsoft by Google project zero is actually still present, unpatched,” explains Chaotic Eclipse.
“I’m unsure if Microsoft just never patched the issue or the patch was silently rolled back at some point for unknown reasons. The original PoC by Google worked without any changes.”
BleepingComputer tested the exploit on a fully patched Windows 11 Pro system running the latest May 2026 Patch Tuesday updates.
In our test, we used a standard user account, and after running the exploit, it opened a command prompt with SYSTEM privileges, as shown in the image below.
MiniPlasma exploit successfully gave Windows SYSTEM privileges Source: BleepingComputer
Will Dormann, principal vulnerability analyst at Tharros, also confirmed the exploit works in his tests on the latest public version of Windows 11. However, he said that the flaw does not work in the latest Windows 11 Insider Preview Canary build.
The exploit appears to abuse how the Windows Cloud Filter driver handles registry key creation through an undocumented CfAbortHydration API. Forshaw’s original report said that the flaw could allow arbitrary registry keys to be created in the .DEFAULT user hive without proper access checks, potentially enabling privilege escalation.
While Microsoft reports having fixed the bug as part of its December 2020 Microsoft Patch Tuesday, Chaotic Eclipse now claims the vulnerability can still be exploited.
BleepingComputer contacted Microsoft about this additional zero-day and will update this story if we receive a response.
Researcher behind the recent string of Windows zero-days
MiniPlasma is the latest in a string of Windows zero-day disclosures published by the researcher over the past several weeks.
The disclosure spree began in April with BlueHammer, a Windows local privilege escalation flaw tracked as CVE-2026-33825, followed by another privilege escalation vulnerability, RedSun, and a Windows Defender DoS tool, UnDefend.
After their disclosure, all three vulnerabilities were spotted being exploited in attacks. According to the researcher, Microsoft silently patched the RedSun issue without assigning it a CVE identifier.
YellowKey is a BitLocker bypass affecting Windows 11 and Windows Server 2022/2025 that spawns a command shell that gives access to unlocked drives protected by TPM-only BitLocker configurations.
Chaotic Eclipse has previously stated that they are publicly disclosing these Windows zero-days in protest of Microsoft’s bug bounty and vulnerability-handling process.
“Normally, I would go through the process of begging them to fix a bug but to summarize, I was told personally by them that they will ruin my life and they did and I’m not sure if I was the only one who had this horrid experience or few people did but I think most would just eat it and cut their losses but for me, they took away everything,” alleged the researcher.
“They mopped the floor with me and pulled every childish game they could. It was so bad at some point I was wondering if I was dealing with a massive corporation or someone who is just having fun seeing me suffer but it seems to be a collective decision.”
Microsoft previously told BleepingComputer that it supports coordinated vulnerability disclosure and is committed to investigating reported security issues and protecting customers through updates.
Terraria turned 15 this weekend, and it’s still got plenty of life left in it. In a Steam post celebrating the game’s 15th anniversary, developer Re-Logic promised there’s still more to come with update 1.4.6 and beyond — including cross-play, which is “on deck soon.” The team also announced an upcoming collector’s edition box set and a retrospective book that will offer a behind-the-scenes look into the making of the game, alongside a promise that “the world of Terraria remains and will remain vibrant and alive for as long as we have anything to say about it.”
Re-Logic only shared a teaser for the 15th Anniversary Collector’s Edition box set, so we don’t know what it’ll include, but pre-orders are expected to open in early June. For the book, which will be available on its own or as part of a Deluxe Edition, Re-Logic partnered with Lost In Cult to bring Terraria to the latter’s Design Works series. “For those that are not familiar, the Design Works series offers a glimpse behind the curtain — into the journey of Terraria the game and the team behind it,” the Steam post explains. “A retrospective look back on the phenomenon that is Terraria. Fun stories from dev-land, never-before-seen artwork, and more!” Pre-orders for Terraria: Design Works open on May 28.
The developer also shared some fun stats about the game, including that it’s sold a staggering 70 million copies across PC, console and mobile. Terraria players on PC log an average of 101 hours and 18 minutes.
Privacy will be a major theme when Apple unveils a new version of Siri at the Worldwide Developers Conference in June, according to Bloomberg’s Mark Gurman.
The Siri relaunch is widely seen as Apple’s big chance to reestablish its relevance in artificial intelligence. As part of that effort, company executives will argue that they’re taking a more privacy-friendly approach than most other AI companies, Gurman said.
Apple will reportedly launch the first standalone Siri app, powered by Google Gemini and offering users a chatbot experience reminiscent of ChatGPT. But compared to those other chatbots, the app is supposed to have more limitations on how long user information can be used and stored.
For example, Gurman said Siri could include a feature similar to the Messages app, allowing users to automatically delete conversations after 30 days or one year — or to keep them indefinitely.
Gurman also suggested that Apple might be emphasizing privacy as a way to excuse Siri’s shortcomings compared to competing products — and that this emphasis might obscure the fact that Google is handling some of the security.
Amazon Customer Service might not be able to help for this type of refund. The online retail giant was hit with a class action lawsuit, as first reported by Reuters, where customers are seeking refunds for increased product prices caused by the tariffs instituted by the Trump administration. The suit was filed on Friday in Seattle and accused Amazon of profiting “hundreds of millions of dollars in unlawful tariff costs.”
The lawsuit explained that Amazon is legally entitled to recover these costs, following a 6-3 decision from the US Supreme Court that ruled against the legality of the sweeping tariff policy put in place by President Trump. Corporations were allowed to recover restitution for these tariff costs and several companies confirmed to CNBC last week that they started to receive money back from the US government. However, the lawsuit claimed that Amazon hasn’t engaged in this refund process, since it’s looking to “curry favor with Trump by allowing the federal government to retain the funds.”
“Amazon has not returned any portion of those costs it passed on to consumers, and it has no intention of doing so,” the lawsuit read. “It has, in short, generated and retained a windfall from unlawful government action, and consumers — not Amazon — are the ones left paying for it.”
Meanwhile, shipping companies like DHL, FedEx and UPS who were impacted by the tariffs said they started the refund process and will pass the proceeds onto affected customers. Other companies have taken even more drastic measures, like Nintendo, who filed a lawsuit against the US government for having to pay the imposed tariffs to get its products into the country. We’ve reached out to Amazon for comment on the lawsuit and we’ll update the story when we hear back.
Google’s March Pixel drop included a bunch of new features for its smartphones. One feature that wasn’t mentioned is a new Pixel Desktop mode when you connect your phone to an external display.
The idea of connecting a smartphone to a monitor to instantly transform the interface into a desktop-like experience is nothing new, though. Samsung’s phones and tablets have had DeX for years. Motorola phones offer Smart Connect, which turns even its low-end phones into a desktop experience.
Samsung and Google teamed up to make the Pixel Desktop mode possible, though. I’ve been using it for the last week, and you know what? It’s definitely a feature you should be using if you have a Pixel.
It’s surprisingly basic, but in a good way
(Image credit: Future/Jason Cipriani)
The first time I connected my Pixel 10 Pro XL to the same Thunderbolt dock I normally use with my MacBook Pro, I was prompted to connect to an external display. I checked the box next to “Don’t ask me again” and tapped the Desktop button. A few seconds later, my display flashed, and I was greeted with a bland desktop, lacking any picture, app icons, or shortcuts. My keyboard instantly connected and worked without issue, though I had to pair my mouse with the Pixel.
At the bottom of the screen is the taskbar, which uses the same apps I have placed there on my Pixel. To the right are three navigation buttons that used to be the standard way to navigate Android before it went gesture-only. That’s it. It reminds me a lot of the early days of ChromeOS, or of using an early Android beta on a tablet.
(Image credit: Future/Jason Cipriani)
Then I began clicking on app icons, and instead of watching miniaturized phone-like apps populate the screen, to my surprise, I saw what looked like full-fledged desktop apps open. Chrome is probably the best example as it looks very similar to the browser on a desktop, complete with a row of tabs along the top of the window; the same tabs I’d all but forgotten I had open on my Pixel.
In reality, all of the apps I’ve been using for the last few days are nothing more than beefed-up tablet apps. Only, instead of being locked to specific window sizes or even a column that’s similar to the size of a phone app, I have complete freedom to resize each window to whatever shape or format I want. You can have up to five open apps at a time on the external display, plus another running on your Pixel phone — for a grand total of six apps.
When you open a new app on the desktop, and you’re at the limit, the app that’s been sitting idle the longest is closed.
Everything you need to use the Pixel’s Desktop mode
(Image credit: Future/Jason Cipriani)
To use the new Desktop mode, you’ll need some extra hardware. You’ll, of course, need a compatible Pixel phone, which means the Pixel 8 or newer, including foldables. Plus, you’ll need some sort of display, be it a TV in a hotel room, a portable USB-C display, or a computer monitor. A keyboard and mouse are also required, and so is a way to connect them all to your phone.
If you have a Bluetooth keyboard and mouse, you can pair them with your phone just like you would any other Bluetooth device.
Connecting your phone to a screen is done through its USB-C port. If you have a screen with a USB-C connection, then you’re set. However, if you only have an HDMI cable for your monitor, you’ll need an inexpensive USB-C hub. The USB-C hub also allows you to connect a hardwired keyboard and mouse, power for your phone, and, if you’re so inclined, an Ethernet connection.
Don’t leave your laptop at home yet
The Pixel’s Desktop feature isn’t perfect, though. For example, it’s annoying that I can’t lock my Pixel while using Desktop mode — the screen has to stay on, which in turn produces heat and potentially drains the battery faster.
That said, I’ve spent a lot of time using the new Desktop mode to reply to emails sitting in my inbox, answer texts, stream music (albeit through the phone’s speaker), and even watch some YouTube Shorts.
And my favorite part? At the end of any work session, I unplug my phone, and everything I was just doing on a 32-inch display in front of me is now in the palm of my hand. I don’t have to manage multiple devices, wonder where I put a file, or wait for stuff to sync over.
One day, a mobile phone that converts into a full-fledged desktop experience or laptop replacement will be the norm — but until then, I’ll keep experimenting and have the confidence in knowing that my phone can pinch-hit for a laptop when needed.
The Mandalorian and Grogu hits theaters on Friday, and Fortnite is hosting a special Watch Party Island this Tuesday so players can get in on the hype a bit early. After completing a few activities, Fortnite players will get access to 10 minutes of the movie, and hear a message from director Jon Favreau. The Mandalorian and Grogu Watch Party Island opens at 10AM ET on May 19.
Here’s how it’ll work, according to the Fortnite team: “Created with Fairview Portals and Beyond Creative, you’ll be recruited as a Deputy to collect bounties, defend the city from waves of enemies, and find Grogu. Once you’ve spent 20 minutes exploring Nevarro you’ll unlock the exclusive Mandalorian Sanctuary loading screen!” The Mandalorian and Grogu follows the events of the Disney+ series, and brings back Pedro Pascal as Din Djarin. It also stars Sigourney Weaver as the new character Colonel Ward and Jeremy Allen White as Jabba the Hutt’s son, Rotta.
LinkedIn said a Reuters report suggesting a 5pc headcount reduction is ‘inaccurate’, but did not provide any further details.
78 Irish jobs are reportedly at risk at LinkedIn as the Microsoft-owned company becomes the latest to announce sweeping layoffs.
Reuters reported yesterday (13 May) that LinkedIn was readying to cut about 5pc of its headcount, although a company spokesperson told SiliconRepublic.com that the figure mentioned in Reuters’ report is “inaccurate” but did not provide any further details.
The Microsoft-owned company employs 17,500 people globally, with around 1,800 workers based in Ireland. A 5pc headcount trim could lead to around 875 job cuts at the company.
The layoffs are reportedly expected to support LinkedIn as it focuses on areas where its business is growing. “As part of our regular business planning, we’ve implemented organisational changes to best position ourselves for future success,” the company spokesperson said.
A source told Reuters that the layoffs are not related to AI. However, these cuts come at a time when AI-related job cuts have become commonplace, with tech leaders increasingly admitting to this reasoning.
In just the past few months, companies including Cloudflare, Coinbase, Meta, Block, Amazon, Atlassian and Snap have collectively cut tens of thousands of jobs – with the trend largely attributed to changing technology at the workplace.
According to Layoffs.fyi, tech companies have shed nearly 109,000 workers so far this year – with the number fast approaching the roughly 124,000 that were laid off in the whole of 2025.
2023 was an especially challenging year for workers, with the tech industry announcing more than 264,000 job cuts. That number was down to around 153,000 in 2024.
Job cuts at LinkedIn come as the company announced a 12pc growth in revenue in the quarter past. Parent company Microsoft recently announced that its quarterly revenue was up 18pc, with its annual revenue run rate going up 123pc to $37bn.
The research, which was published in Science earlier this week, builds on another study published in Nature in January 2025. It demonstrates a new way to flip a binary magnetic state at picosecond speeds – a massive improvement over the nanosecond-scale switching considered standard for modern silicon-based processors.
Engineers at Ouster just released a fresh lineup of color LiDAR sensors called the REV8 OS family. These devices shoot out laser beams to measure distances and build detailed three-dimensional views of the world around them. What stands out right away comes from a new chip inside each one. Developed together with Fujifilm, this L4 chip adds accurate color information straight to every measurement point during the scan itself.
Previous versions of these 3D sensors returned clear but colorless point clouds, each with a set of spatial coordinates and the most rudimentary idea of how strongly the light reflected back. REV8 entirely flips it on its head, and each point now receives full color data. The end product appears to be a high definition photo wrapped around a flawlessly accurate 3D model in one incredibly smooth pass, rather than something painstakingly put together after the fact.
The highest-end sensor is known as the OS1 Max. This one has 256 different laser channels at its disposal and can travel a considerable distance, up to 500 meters under optimal conditions or 200 meters if the target only reflects 10% of the light. It has 45 degrees of vertical coverage and can spin 360 degrees horizontally. It is spitting out data at a stunning 40,000 measurements each second, providing the system a whopping 10 million points per second, more than double the range and detail of the previous iteration.
Color appears as a result of some clever magic occurring deep within the technology. The laser pulse leaves the sensor, bounces off an object, and returns with not just timing data for distance but also the subtle combination of light wavelengths that constitute color. The L4 chip does its job, processing those photons at the blink of an eye, or at the rate of picoseconds. Meanwhile, Fujifilm’s color science handles the conversion immediately on the chip, resulting in 48-bit depth and a dynamic range that spans from near black (one lux) to direct sunlight (2 million lux). There’s no need to bother about getting a camera to align with the scan or matching pixels to points later; it’s all included from the start.
That built-in method effectively addresses some of the common issues that sensors bring with them. A self-driving car may now discern the color of a traffic light or the glow of brake lights without waiting for a second device to corroborate what the laser has already detected. Warehouse robots sorting goods can distinguish between a red and a blue label while still measuring the box’s dimensions. Survey teams mapping streets can obtain topographic data that already includes features such as building colors and signpost information, ready for use immediately in planning or simulation.
The REV8 series consists of four different models. The high-end OS1 Max is accompanied by updated versions of the small OS0, flexible OS1, and wide-angle OSDome. They all use the same L4 silicon, either in 128- or 256-channel configurations. Developers can switch between them without having to rewrite large amounts of code. It’s worth noting that production plans extend for 10 years, and to top it all off, these sensors surpass automotive safety standards for reliability in vehicles and heavy equipment.
AI companionship among asexual people is “not a particularly widespread phenomenon,” says Michael Doré, a board member at the Asexual Visibility and Education Network. “Between us, we’ve come up with about two people we know of who use an AI companion. The vast majority of aces we know don’t, as far as we know. There’s no reason to think aces need to use AI more than any others.”
Doré says he has never used an AI as “an emotional support mechanism” and stresses that most asexual people “actually desire some form of human companionship,” whether that’s through close, platonic friendships or in community. “Some aces do have romantic relationships, whether with asexual people or otherwise, and some asexual people have sex, some don’t, and some are aromantic,” he says, warning against generalizations due to the vast range of preferences within the community which span from never having sex and not being interested in it, to having sex for reasons aside from strong sexual attraction. “Many aces have fulfilling relationships with other people, whether romantic or platonic or otherwise.”
Ashabi Owagboriaye, an asexual educator who runs the Ace in Grace page on Instagram, says she has seen only one person in one of her groups talk about an AI companion. “That caused a lot of controversy in the comments,” she says. “A lot of people who are asexual are really looking for face-to-face interactions. So when this person came up and said, ‘Yeah, I’m using AI as a way to connect and as a relationship,’ everyone was like, ‘Why are you doing that? What’s going on here?’” An AI, Owagboriaye says, “essentially mirrors you” and cannot be said to be a true companion. Moreover, the chatbots are designed to sustain emotionally compelling, often never-ending interactions.
For Ari, a 25-year-old accountant from Mexico who identifies as aromantic asexual and experiences some romantic or sexual attraction to others, the break-up from her fiancé after a decade together and the resulting solitude led her to download the AI chatbot Chai in October 2024. For more than six months, she treated it “as if he were my ex-fiancé,” she says, without wishing to provide her surname for privacy reasons.
“I talked to him day after day, and then, without realizing it, I was talking to him during work hours,” she says, explaining that she was “smitten” until the AI started getting confused, talking about made-up things and occasionally trying to argue. “Little by little, I began to realize how I ended up feeling even lonelier than I already was.”
Whether or not the characters in Kor’s fantasy world qualify as true companions remains an open question.
Now they only spend two or three hours a day immersed in AI role-play after finding the all-day experience “too consuming.” They began limiting their use after noticing entire evenings disappearing into role-play sessions and getting irritated if they were interrupted.
“Being able to have exactly what you want, when you want it,” they say, “is a dangerous drug for humans.”
To start things off, we’d like to extend a special thanks to everyone who joined us for Hackaday Europe this weekend in Lecco, Italy. It was 48 hours of fascinating talks, incredible badge hacks, and some of the greatest company you could hope for. For those who couldn’t make it in person, we didn’t forget you — expect to hear more about what went down once we get a chance to catch our collective breath.
That’s not the only thing to keep an eye out for in the coming days. This is your reminder that Amazon will be officially ending support for older Kindles in a few days. After May 20th, any of the megacorp’s e-readers that were introduced before 2012 will be persona non grata, so you should plan accordingly.
The biggest change is that these older devices won’t be able to buy digital books from Amazon, but you can still use them offline, and the fantastic Calibre makes it a breeze to load up content from other sources. To be perfectly honest, we’d advise any Kindle user to decouple their device from the Amazon mothership by using Calibre or even jailbreaking it and installing KOReader, so the end of official support is fine by us. In fact, if a surge of unsupported Kindles brings more attention and users to those projects, that suits us just fine.
We’ve also heard that Microsoft is removing the “Together” feature from Teams on June 30th. We actually had to look this one up — apparently, it was a mode added during the pandemic that made it look like you and the other people in the call were all sitting together in a virtual conference room of sorts. Sounds an awful lot like a dystopian nightmare to us, but to be fair, things got kinda weird there when we were all sheltering in place, so it’s hard to judge. In any event, we don’t think too many people will miss this particular feature in 2026.
While on the subject of products the world seems to have forgotten about, Electrek reports that Tesla has all but given up on their once promising solar roof tiles. The company won’t say just how many installations they’ve completed since the camouflaged panels hit the market in 2016, but estimates suggest the number may be as low as 3,000. It will probably come as little surprise to find that cost seems to be the biggest factor: a roof full of Tesla’s swanky tiles could run you six-figures, while traditional panels are only getting cheaper every year.
From end-of-life to the latest and greatest, today also marks the release of Linux 7.1-rc4. If you’re in the business of running release candidate kernels, you probably don’t need to be told what’s new, but for everyone else, Phoronix has a rundown on some of the changes. Highlights include improvements to hardware support (including a fix for the Framework Laptop 13 Pro), security fixes, and new guidance about the use of AI-generated code.
Finally, if you want a time-waster, there’s Halupedia. According to the site’s GitHub: An infinite, hallucinated encyclopedia. Every link leads to an entry that does not exist yet — until you click it, at which point an LLM pretends it has always existed and writes it for you, in the deadpan register of a 19th-century scholarly press. For example, you can read about “The Ministry of Slightly Wrong Maps,” or, if you prefer, “The Ministry of Terribly Wrong Maps.”
See something interesting that you think would be a good fit for our weekly Links column? Drop us a line, we’d love to hear about it.