Microsoft condemns uncoordinated Windows zero-day releases, researcher threatens further disclosures

By Alexander Martin · 1d ago · 4 min read · News

Summary

Microsoft has responded to a campaign of uncoordinated Windows zero-day vulnerability releases by a pseudonymous researcher known as Nightmare Eclipse, calling such disclosures "never justifiable" and hinting at potential legal action. The researcher published multiple zero-day exploits with working proof-of-concept code on GitHub (a Microsoft-owned platform) starting in April, making them available to both attackers and defenders. Microsoft condemned the practice, arguing it enables cybercrime, while the researcher threatened to release more vulnerabilities. The incident highlights ongoing tensions between security researchers and software vendors over responsible disclosure practices.

Key quotes

Microsoft calls zero-day releases 'never justifiable'
Each was published with working proof-of-concept code to the Microsoft-owned code repository GitHub, making them immediately available to both attackers and security professionals.
The researcher's GitHub account has since been removed, and their Blogger pa
Snippet from the RSS feed
Each vulnerability was published with working proof-of-concept code to the Microsoft-owned code repository GitHub, making them immediately available to both attackers and security professionals.
