Microsoft is threatening legal action and law enforcement involvement against a security researcher who published a series of unpatched vulnerabilities and exploit code for its products. This situation has reignited the debate over responsibility between major tech giants and independent researchers. In a blog post, Microsoft sharply criticized the researcher, known as "Nightmare Eclipse," for publicly disclosing dangerous bugs such as BlueHammer, RedSunUnDefend, and YellowKey. According to Techcrunch.com reports.
The company claims the researcher did not report the bugs beforehand, which allowed hackers to potentially attack systems like Windows Defender and BitLocker. Microsoft's Digital Crimes Unit labeled these actions as facilitating criminal activity and stated it would cooperate with law enforcement agencies worldwide. However, Nightmare Eclipse claims they attempted to contact Microsoft, but the company blocked their Microsoft Security Response Center account.
As a result of this dispute, the researcher's accounts on GitHub and GitLab were also banned. This incident has sparked significant outrage within the cybersecurity community. Many experts, including Katie Moussouris, one of the founders of bug bounty programs, criticized Microsoft's approach, accusing the company of mishandling its relationship with researchers.
Read “Zamin” on Telegram!
