LmCast :: Stay tuned in

GitHub bans security researcher who posted zero-day Windows exploits

Recorded: May 28, 2026, 11:01 p.m.

Original Summarized

Microsoft's GitHub bans security researcher who posted zero-day Windows exploits because company 'ruined their life' — expert claims action is vindictive and promises further retaliation | Tom's Hardware


By Bruno Ferreira, published 27 May 2026

"I will make sure your bones are shattered [on July 14]"


There's been some drama unfolding lately in the Windows security world, and today's episode comes from yet another apparent run-in of researcher Nightmare-Eclipse (aka Chaotic Eclipse) against Microsoft. The company saw fit to ban Eclipse's GitHub account for as-yet-unspecified reasons, forcing them to pack up and move shop to GitLab instead. Additionally, the Redmond firm had allegedly already deleted the Microsoft account Eclipse used for reporting the bugs.

In a blog post, Eclipse claims this action was vindictive, stating once again that Microsoft refused communication attempts and that they "got zero pennies from doing so", a likely allusion to unpaid bug bounties from the MSRC program. The initiative pays out up to $30,000 to $100,000 per end-point zero-day depending on conditions, and a cool $250,000 if you can crack open Hyper-V. Already having six zero-day exploits under their belt, Eclipse claims that July 14 will bring a reckoning of sorts for the company, hypothetically in the form of more zero-day exploits being published.

Eclipse's dramatic dispute with Microsoft has been ongoing since early April, when they published the BlueHammer zero-day without warning. The language in their blog posts is unclear and passionate, directing cargo tanks of vitriol at Microsoft/MSRC. As a broad summary, Eclipse implies that Microsoft ignored or refused their zero-day reports and/or did not pay out bounties as requested, somehow causing financial harm in the process. Among other statements, Eclipse says "[they were] told personally by [Microsoft] that they will ruin my life and they did", that there's a dead-man switch of some sort, and that they "will make sure [Microsoft's] bones are shattered."


The saga has drawn speculation from other experts, like William Dormann from Tharros, who said that "MSRC used to be quite excellent to work with. But to save money, Microsoft fired the skilled people, leaving flowchart followers. I wouldn't be surprised if Microsoft closed the case after the reporter refused to submit a video of the exploit, since that's apparently an MSRC requirement now."

Microsoft has been mum on any details about these matters, so it's hard to tell if the situation is about an uncooperative researcher who doesn't follow standard disclosure rules or a company being difficult about security reports. Regardless, the move to ban Eclipse's GitHub account makes for poor optics, as it is being heavily criticized, and ultimately achieves nothing for security, since the code is out there anyway.

In this day and age, when AI-powered security research has arguably made the standard 90-day disclosure-to-patch window completely obsolete, and time-until-exploit and unused exploits are both nearing zero, Microsoft and other software players would do well to adjust their policies.

Eclipse's technical track record is impressive. They published a string of zero-day exploits for Windows: BlueHammer gets access to the SYSTEM user via Defender, and RedSun does the same; UnDefend knocks Defender offline; GreenPlasma gets SYSTEM access via the CTFMon service, while MiniPlasma grants similar access via a flaw in the Windows Cloud Filter driver. Finally, there's YellowKey, a vulnerability in BitLocker that lets an attacker open up encrypted drives with next to no effort — precisely the action the technology was designed to prevent.

BlueHammer, RedSun, and UnDefend have all been confirmed to be undergoing active exploitation in the wild, and it's not hard to imagine the others are as well, as Eclipse's publications of full or partial proof-of-concept code made it trivial for an interested party to use them.


Bruno Ferreira is a contributing writer for Tom's Hardware. He has decades of experience with PC hardware and assorted sundries, alongside a career as a developer. He's obsessed with detail and has a tendency to ramble on the topics he loves. When not doing that, he's usually playing games, or at live music shows and festivals.


9 Comments

Comment from the forums

rgd1101

I don't get why MS does this. It's not like they're going to stop looking for zero-day Windows exploits.


RxBrad

I mean... the AI Bros are also taking the vindictive route on security.

"AI found this. We're breaking embargo on every CVE report, so you use the same AI we did that found this."


chaos215bar2

rgd1101 said: "I don't get why MS does this. is not like they going to stop looking for zero day windows exploits."

All this proves is why one company should not be allowed to control so many services.

Using GitHub to punish a security researcher for releasing information about Windows exploits is inappropriate and certainly isn't going to stop them from releasing similar information in the future. If anything, this is just going to encourage them to look ever harder for damaging zero-days.


Findecanor

So fire will rain down on Microsoft on 14 juillet you say?

Tremble, tyrants and ye traitors!
The disgrace of all parties, tremble!
Your parricidal schemes will finally receive their due!

(That was the least bloody verse I could find in La Marseillaise.... Yikes)


SmokyBarnable

“Flowchart followers”. Almost every line of work has more experienced people denigrating the less experienced, but in tech it’s extreme. Now less experienced people can’t even get jobs because they’re being replaced by more experienced people using AI. That’ll show those diaper shitters!


DS426

Microsoft's massive bureaucracy of position levels and rigid policies has allowed them to lose control of the optics of this situation, one which is only going from bad to worse. Of course, M$ usually doesn't even seem to be aware of the optics on the things they do (and don't do), so what else could anyone really expect?

BTW, July 14th is the Patch Tuesday for the month of July, so that date makes sense for some fireworks. I suspect we'll also see another zero day or two on or around June 9th.


ezst036

Just another day, and more abusive BS from Microsoft.

Microsoft has no business anywhere in the consumer space. We need a wall of separation between Microsoft and consumers. They need to be quarantined into the B-to-B realm.

The only way Microsoft treats you fairly is if you've got a million dollar+ contract with them. And I bet even some businesses also have their tales of abuse and harassment also.

It's just............ who they are. They can't help themselves.


hotaru251

add another reason for people to leave windows...they actively fight & ban the ones trying to report vulnerabilities :|


Spuwho

This is typical Microsoft. Pre Windows Update, we used to open defects with them and they refused to service us unless we installed some service pack.
We finally turned it back on them and said they would have to describe how the SP fixed our issue because if we installed said SP it broke the OS.
That broke the process chart they kept throwing at us.


A security researcher known as Nightmare-Eclipse, also referred to as Chaotic Eclipse, has faced significant action from Microsoft, resulting in the banning of their GitHub account and the alleged deletion of their associated Microsoft account following the publication of zero-day Windows exploits. The researcher claims this corporate action is vindictive, asserting that Microsoft refused communication and failed to provide payments from programs like the MSRC bug bounty initiative, which pays substantial sums for zero-day disclosures. Nightmare-Eclipse contended that Microsoft personally threatened them, suggesting a mechanism designed to inflict severe consequences, and hinted at a future reckoning. This conflict originated in early April with the disclosure of the BlueHammer zero-day exploit.

The dispute has generated speculation among experts regarding the motivations behind Microsoft's response. For instance, William Dormann of Tharros suggested that Microsoft may have prioritized cost-saving measures by dismissing skilled personnel, leaving behind personnel who strictly followed established procedures, implying that the action might stem from rigid policy enforcement rather than simple uncooperativeness. The article suggests an underlying tension between the need for security disclosure and corporate control, noting that the decision to ban the researcher, while criticized for poor optics, did not materially impede the public availability of the malicious code.

The researcher’s technical contributions are highlighted, demonstrating an impressive track record involving several zero-day exploits for Windows, including BlueHammer, RedSun, UnDefend, GreenPlasma, MiniPlasma, and YellowKey, which provided access to critical system functions and encryption bypasses. The article notes that these published vulnerabilities were actively being exploited in the wild, indicating the real-world impact of the researcher's work.

The broader context of this incident touches upon evolving security practices. The text posits that in the current era, driven by AI-powered security research, the traditional 90-day disclosure-to-patch window is becoming obsolete, prompting a discussion about how software entities should adjust their policies regarding vulnerability reporting. Furthermore, commentators expressed skepticism about Microsoft's authority in the consumer space, suggesting a need for greater separation between Microsoft and consumers, and pointed to historical examples of resistance from Microsoft in handling defect reporting. Ultimately, the saga reflects a broader dynamic concerning the balance between corporate interests, security disclosure accountability, and the role of external researchers in the cybersecurity landscape.