
Microsoft threatens criminal case over zero-day disclosure


For anyone watching the zero-day debate unfold in public, the timing has felt pointed. Microsoft disabled accounts tied to “Nightmare Eclipse” after the person posted proof-of-concept exploit code, alongside activity that suggested a personal dispute with the company.

Microsoft’s position is straightforward: it is considering legal action—described as a criminal case—against Nightmare Eclipse over a failure to follow “proper coordination” when disclosing vulnerabilities. The company disabled Nightmare Eclipse’s GitHub, GitLab, and Microsoft Security Response Center accounts.

Cybersecurity researcher Kevin Beaumont saw something else in the response: a ban that makes “responsible” reporting nearly impossible. Beaumont’s point landed with blunt clarity: “It’s quite difficult to ‘responsibly’ report future vulnerabilities when you have been banned.”

The exchange isn’t happening in a vacuum. Nightmare Eclipse has been publicly feuding with Microsoft, and some posts suggest the person could be a disgruntled former employee. That framing may help explain why the story has spilled beyond private coordination channels and into open, code-based confrontation.

Beaumont’s larger concern is about consistency. He argues that Microsoft has hired people who have done many of the same things—publicly posting zero-day exploits—and that some of those individuals have criminal hacking convictions on their records. He also points to another practice: Microsoft has purchased exploits from brokers.

With those facts on the table, the question becomes less about whether disclosure rules exist and more about whether they are applied the same way to everyone. If Microsoft frames punishment around “responsible disclosure” coordination, especially where that framework can be described as arbitrary, Beaumont suggests the company could struggle in court.

The worry is that, if the dispute becomes a legal fight, the record of Microsoft’s own prior decisions would surface. Beaumont’s warning is not subtle: there is “a whole clown car of prior decision making within Microsoft and facts which would emerge in that process.”

Right now, Microsoft’s move is already concrete. The accounts are disabled, the criminal-case language is in play, and the enforcement posture is clear. For researchers and defenders trying to find a path through vulnerability reporting, the message reads like a warning written in shut-down access: public disclosure may bring consequences, even when the material is shared in the name of demonstration.


4 Comments

  1. So Microsoft is gonna sue over posting code? Seems like typical big tech trying to control everything.

  2. I don’t get how this is “criminal”, though. If they found a bug and posted it, isn’t that the whole point? Sounds like they’re mad because it was public and not on some secret checklist.

  3. Beaumont said the ban makes “responsible” reporting impossible, but maybe that’s just what happens when you mess up coordination. Like ok, you post PoC and then act surprised when Microsoft freaks out. Also “Nightmare Eclipse” sounds like a disgruntled employee thing which… sure.

  4. Wait, so Microsoft disables GitHub/GitLab accounts and calls it a criminal case?? That seems kinda scary, like they’re doing the punishment part before court. And I saw somewhere else that they buy exploits from brokers too, so how is that any different? If they were consistent, why are they singling one person out like that, especially if other people posted similar zero-days and got away with it?
