< Back to all clusters
[TECHNOLOGY] · United States, Argentina · 5 sources

Microsoft threatens criminal case against zero‑day researcher over exploit disclosures

Microsoft announced it may pursue criminal charges against a security researcher known as Nightmare Eclipse for publishing proof‑of‑concept exploits without following the company's coordinated disclosure process. The firm also disabled the researcher’s accounts on GitHub, GitLab and its own Security Response Center, arguing that the disclosures violated its responsible‑disclosure policy. Critics, including security analyst Kevin Beaumont, warn that the move could make it harder for researchers to report vulnerabilities, especially as Microsoft has hired individuals with prior zero‑day exploitation histories and purchases exploits from intermediaries. Beaumont highlighted the difficulty of “responsibly” disclosing future flaws when researchers are banned from the platforms used to share findings.