Top stories.
- Nightmare Eclipse drops another Windows zero-day.
- The Gentlemen topped the ransomware leaderboard in Q2 2026.
- Ransomware attack disrupts Fairlife dairy production.
Nightmare Eclipse drops another Windows zero-day.
Disgruntled researcher Nightmare Eclipse released a proof-of-concept exploit dubbed "LegacyHive" that can lead to privilege escalation on Windows systems, SecurityWeek reports. The researcher released the PoC on Tuesday, just after Microsoft issued fixes for nearly 600 flaws in its Patch Tuesday updates. Unlike previous Nightmare Eclipse releases, however, LegacyHive was stripped of code that would enable immediate exploitation.
Nightmare Eclipse stated, "The PoC requires another standard user credentials and a third username (which can be an administrator account), if the PoC is successful, it will end up mounting the target user hive in current user classes root. The PoC was stripped down as an attempt to prevent public exploitation, the original PoC did not require additional user credential and was not limited to usrclass.dat hive, any hive could be loaded using this vulnerability but you would need some brain cells to make the PoC do it."
Microsoft said in a statement that the company is investigating the issue, adding, "[W]e support coordinated vulnerability disclosure, an industry standard that protects customers and supports the research community by ensuring their findings are thoroughly investigated and addressed before being made public."
The Gentlemen topped the ransomware leaderboard in Q2 2026.
ReliaQuest says The Gentlemen ransomware gang claimed the most victims in the second quarter of 2026, overtaking Qilin, DragonForce, and Coinbase Cartel. ReliaQuest notes, "Over the course of the past three quarters, The Gentlemen became the most-active group, powered by aggressive affiliate recruitment and a well-packaged intrusion kit that lowers the bar for new operators. The group posted 300 victims in Q2, edging out Qilin at 289. In Q1, The Gentlemen’s 588% quarter-over-quarter surge to 179 posts earned it second place, making this quarter’s lead a natural next step."
The researchers also highlight another group called "Deadlock" that began publicly naming victims in June, after eleven months of quiet extortion and private negotiations. The report states, "[Deadlock's] quiet 2025 profile understated its real capability, and the data-leak site debut is an inflection point. A low profile was never low risk, and now that Deadlock has gone public, it operates in the same arena as established players like The Gentlemen and Qilin."
Ransomware attack disrupts Fairlife dairy production.
The Coca-Cola Company disclosed yesterday that a ransomware attack against its Fairlife dairy subsidiary disrupted production of Fairlife products across the US, BleepingComputer reports. The company said the threat actor gained access to "production-related systems," leading the company to activate its incident response and business continuity protocols.
Coca-Cola said in an SEC filing, "Product quality and safety have not been impacted. However, as a result of the incident, production operations at fairlife in the United States are temporarily suspended. fairlife’s Canada production operations are not currently impacted. The Company is working diligently to complete the investigation and restore the systems and impacted operations. The full scope, nature and impacts of the incident are not yet known."