Disgruntled 0-day hunter 'humiliated' by Microsoft pledges 'bone shattering drop' as Redmond calls cops
Microsoft says uncoordinated disclosures could harm customers as the researcher threatens another release after six Windows zero-days were posted online.
- On Wednesday, Microsoft threatened legal action against researcher Nightmare Eclipse for publishing six unpatched Windows zero-day vulnerabilities, claiming uncoordinated disclosures harm customers and the digital ecosystem.
- Nightmare claims Microsoft deleted their reporting account and withheld payments after mistreatment, while Redmond contends the researcher failed to report vulnerabilities through official channels before public disclosure.
- Attackers began exploiting BlueHammer, RedSun, and UnDefend shortly after Nightmare published proof-of-concept code, while the researcher threatened a "bone shattering" drop for July 14.
- Security experts criticized Microsoft's response, with Luta Security CEO Katie Moussouris calling it a "dumpster fire" and questioning the outdated term "responsible disclosure."
- This "David and Goliath dynamic" reflects systemic vendor-researcher tension, as Nightmare noted "Microsoft still has chains in my hands," preventing document releases until July 14.
11 Articles
11 Articles
The Register
IT Security News - cybersecurity, infosecurity newsDisgruntled 0-day hunter 'humiliated' by Microsoft pledges 'bone shattering drop' as Redmond calls cops
The ongoing saga of Microsoft versus Nightmare Eclipse (aka Chaotic Eclipse), the disgruntled bug hunter with a deep understanding of Windows and an even deeper grudge against Microsoft, reached a fever pitch, with the researcher, who has thus far released six Windows zero-days, promising a “bone shattering” drop on July 14. Microsoft, for its part, finally responded to the security researcher and their weaponized Windows flaws with a blog post …
Microsoft Calls the Zero-Day Dumps Irresponsible. The Researcher Says Microsoft Started It.
Microsoft Calls the Zero-Day Dumps Irresponsible. The Researcher Says Microsoft Started It. Pierluigi Paganini May 29, 2026 A researcher dropped 6 Windows zero-days with no warning. Three are now exploited in the wild. Microsoft is angry. The researcher says Microsoft ignored them first. Over the past month, a researcher going by Chaotic Eclipse, also known as Nightmare-Eclipse, publicly released details of six unpatched vulnerab…
A conflict between Microsoft and a security researcher is escalating. After the closure of its GitHub account, the discoverer is threatened with further revelations. The US-American technology company Microsoft has issued a clear statement on the uncoordinated publication of security vulnerabilities. The company thus reacted to the recent activities of a security researcher operating under the pseudonyms Chaotic Eclipse and Nightmare Eclipse. In…
Microsoft and security researcher’s dueling posts about cybersecurity disclosures get nasty
Microsoft and a prominent cybersecurity researcher have gotten into a very public and rather personal exchange of unpleasantries about what responsible cybersecurity disclosures should mean in 2026. A cybersecurity researcher going by the name Nightmare Eclipse, who has disclosed several cybersecurity holes before patches were available, posted that he had tried to contact Microsoft officials and was rebuffed, which led him to publish details a…
The discussion about zero-day vulnerabilities in Windows gained a new chapter after a public conflict between security researchers and the giant Microsoft technology. The case involves the disclosure of critical flaws still uncorrected, the performance of platforms like GitHub and GitLab, and the ban of a researcher known as Chaotic Eclipse. The episode rekindles the debate about how much failure disclosure should be public before an official co…
Coverage Details
Bias Distribution
- 50% of the sources lean Left, 50% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium
