
Microsoft threatens security researcher with legal action over public disclosure of unpatched bugs

By Lorenzo Franceschi-Bicchierai

1d ago · 5 min read · en · News

Summary

Microsoft threatened independent security researcher "Nightmare Eclipse" with legal action and criminal investigation after they publicly disclosed several unpatched vulnerabilities (BlueHammer, RedSun, UnDefend, Yello) in Microsoft products along with exploit code. The incident reignites the long-standing debate over responsible disclosure and whether security researchers have an obligation to privately report bugs to large tech companies before going public.

Key quotes

Microsoft's veiled threat reignites a long-running argument over what responsibility, if any, security researchers have to disclose vulnerabilities affecting large and wealthy tech giants.
On Wednesday, Microsoft published a blog post criticizing the researcher, who goes by the handle 'Nightmare Eclipse,' for publicly disclosing a series of bugs.
After a security researcher published a series of unpatched bugs in Microsoft products, along with code to exploit them, the company is now threatening to take legal action and call the cops on them.
Snippet from the RSS feed
A public spat between Microsoft and an independent security researcher reopens a long-running debate over who is responsible for securing software.
