
SANS Internet StormCast
SANS Stormcast Thursday, May 14th, 2026: Flexible Windows Proxy; News From Nightmare Eclipse; Adobe Patches
Why It Matters
Understanding tools like Proxifier can streamline secure testing of Windows applications, while the disclosed vulnerabilities underscore ongoing risks to disk encryption and privilege escalation that could affect enterprises. Promptly applying Adobe’s patches is crucial to prevent exploitation of widely used software, making this episode timely for security teams managing both internal testing environments and third‑party product updates.
Key Takeaways
- Proxifier isolates Windows app traffic to a specific proxy.
- Yellow Key bypasses BitLocker's shutdown lock via a malicious USB device.
- Green Plasma enables universal memory injection for privilege escalation.
- Adobe patches fix critical deserialization and path traversal bugs.
- Adobe Commerce receives fixes for two critical remote code execution vulnerabilities.
Pulse Analysis
In this Stormcast briefing, host Johannes Ullrich highlights Proxifier, a Windows utility that redirects traffic from individual binaries to a chosen proxy such as Burp Suite. By applying per‑application network rules, analysts can isolate a single program's API calls without flooding the proxy with unrelated traffic, which streamlines debugging and reduces noise. This approach is especially valuable for penetration testers who need precise visibility into one program's HTTP behavior while leaving the rest of the system's network flow untouched.
The episode also dives into two high‑impact vulnerabilities disclosed by the researcher Nightmare Eclipse. The "Yellow Key" flaw subverts BitLocker’s shutdown lock by using a specially crafted USB stick, allowing an attacker to reboot into rescue mode and access the still‑encrypted drive. A related exploit, "Green Plasma," provides a universal memory‑injection primitive that can be leveraged for privilege escalation across Windows environments, even though only a partial proof‑of‑concept is available. Both findings underscore the importance of rigorous firmware validation and strict USB device controls in enterprise endpoints.
Finally, Adobe's latest Patch Tuesday release addressed ten products. Adobe Connect received a fix for a deserialization bug that could lead to arbitrary code execution, and Adobe Commerce received fixes for two critical issues: an XSS‑driven remote code execution flaw and a path‑traversal vulnerability that permits unauthorized file access. Organizations running Adobe's e‑commerce stack should prioritize these updates to mitigate supply‑chain risk and protect customer data. Taken together, the episode's findings reinforce the case for a proactive patch‑management strategy and layered security controls across the network, endpoint, and application layers.
Episode Description
Proxying the Unproxyable? Sending EXE traffic to a Proxy
https://isc.sans.edu/diary/Proxying%20the%20Unproxyable%3F%20Sending%20EXE%20traffic%20to%20a%20Proxy/32982
https://github.com/Nightmare-Eclipse/YellowKey
https://github.com/Nightmare-Eclipse/GreenPlasma
https://helpx.adobe.com/security.html