Nightmare-Eclipse Tooling Moves From Public PoC to Real-World Intrusion

Huntress has observed real-world threat actors leveraging public Nightmare-Eclipse privilege escalation tools—including BlueHammer, RedSun, and UnDefend—alongside compromised FortiGate SSL VPN credentials and custom tunneling malware, marking a shift from proof-of-concept to active intrusion and highlighting the urgent need for organizations to monitor for these attack patterns and respond swiftly.