Microsoft faces backlash over action against researcher sharing exploit code
31 May 2026
Microsoft is facing flak for its action against a security researcher who publicly shared proof-of-concept code for software vulnerabilities.
The person, known as "Nightmare Eclipse," has been at loggerheads with Microsoft over the disclosure of zero-day exploits.
They have posted exploit code online and hinted they could be a Microsoft employee.
Microsoft's actions draw criticism from cybersecurity experts
Controversial measures
In response to the situation, Microsoft has suspended several of Nightmare Eclipse's accounts and hinted at possible legal action.
The company's actions have drawn criticism from cybersecurity experts who are questioning the tech giant's approach.
Cybersecurity researcher Kevin Beaumont highlighted Microsoft's handling of the situation in a recent post, saying, "It's quite difficult to 'responsibly' report future vulnerabilities when you have been banned."
Potential criminal case against Nightmare Eclipse
Policy enforcement
Microsoft has said it could pursue a criminal case against Nightmare Eclipse for not following "proper coordination" when disclosing vulnerabilities.
The company also suspended the individual's GitHub, GitLab, and Microsoft Security Response Center accounts.
Beaumont criticized this move, questioning how one can responsibly report future vulnerabilities after being banned by the tech giant.
Microsoft's inconsistent stance on 0-day exploits
Inconsistency concerns
Beaumont also raised concerns over Microsoft's inconsistent stance on zero-day exploits.
He pointed out that the company has previously hired people who publicly disclosed such exploits, some even with criminal hacking convictions.
The cybersecurity researcher also noted that Microsoft has bought exploits from third-party brokers, questioning its current approach toward Nightmare Eclipse and similar cases.
Broader debate on vulnerability disclosure practices
Ongoing debate
The dispute between Microsoft and Nightmare Eclipse has sparked a wider debate in the cybersecurity community.
The discussion centers on vulnerability disclosure practices and how tech companies should handle cases where researchers publicly disclose exploit information.
This incident highlights the ongoing tension between security researchers' efforts to expose vulnerabilities for public awareness and tech giants' need to protect their systems from potential threats.