A disgruntled security researcher has publicly released two Windows zero-day vulnerabilities called YellowKey and GreenPlasma. YellowKey allows attackers with physical access to bypass BitLocker encryption on Windows 11 machines, even those protected with TPM, by exploiting a hidden component in the Windows Recovery Environment that the researcher suspects may be an intentional backdoor. GreenPlasma enables privilege escalation to system-level access, and multiple security experts have confirmed both exploits work on recent Windows builds, raising concerns that attackers could quickly weaponize the publicly available proof-of-concept code before Microsoft issues patches.