Microsoft is facing backlash for threatening legal action against a security researcher who publicly posted zero-day exploits, with critics highlighting the company's inconsistent history with vulnerability disclosure.
# Microsoft is threatening legal action for disclosing exploits
Source: [https://www.theverge.com/tech/940416/microsoft-nightmare-eclipse-zero-day-vulnerability](https://www.theverge.com/tech/940416/microsoft-nightmare-eclipse-zero-day-vulnerability)
The company is feuding with a security researcher publicly posting vulnerabilities.
by Terrence O'Brien

May 30, 2026, 3:19 PM UTC

Terrence O'Brien is the Verge’s weekend editor. He has over 18 years of experience, including 10 years as managing editor at Engadget.

Microsoft is facing criticism for its handling of zero-day exploits. Someone going by the name Nightmare Eclipse has been publicly feuding with the company, posting proof-of-concept exploit code. Some of their posts suggest that they’re a disgruntled former employee. But what caught cyber security researcher [Kevin Beaumont’s](https://doublepulsar.com/microsofts-stance-on-zero-day-exploits-is-a-dumpster-fire-of-their-own-making-0946117940a4?postPublishedType=repub) eye was how Microsoft has [responded](https://www.microsoft.com/en-us/msrc/blog/2026/05/a-shared-responsibility-protecting-customers-through-coordinated-vulnerability-disclosure?).

Microsoft suggests it plans to bring a [criminal case](https://www.pcmag.com/news/microsoft-threatens-researcher-over-bug-reports-triggers-cybersecurity) against Nightmare Eclipse for failing to follow “proper coordination” in disclosing vulnerabilities. They also disabled Nightmare Eclipse’s GitHub, GitLab, and Microsoft Security Response Center [accounts](https://thehackernews.com/2026/05/microsoft-slams-public-zero-day.html). As Beaumont points out, “It’s quite difficult to ‘responsibly’ report future vulnerabilities when you have been banned.”

What troubles Beaumont is that Microsoft has hired people who have done many of the exact same things. They’ve employed people who have publicly posted zero-day exploits, some with criminal hacking convictions on their record. Microsoft has also purchased exploits from brokers.

Beaumont sums it up:

> If Microsoft’s tactic is to try to criminalise not following often arbitrary “responsible disclosure” frameworks, good luck defending that in court — because there’s a whole clown car of prior decision making within Microsoft and facts which would emerge in that process.

A security researcher published six unpatched Windows zero-day vulnerabilities, including working exploit code, without Microsoft's knowledge. Microsoft threatened legal action and criminal referrals, drawing widespread criticism from the cybersecurity community over its handling of the situation.
A disgruntled security researcher known as Nightmare Eclipse has escalated a feud with Microsoft by threatening to dump more Windows zero-day exploits, after already releasing six. Microsoft has responded with a blog post and legal threats.
Microsoft's GitHub banned security researcher Nightmare-Eclipse after they posted zero-day Windows exploits. The researcher claims retaliation and promises further disclosure.
An anonymous researcher released two Microsoft zero-day exploits, YellowKey (BitLocker bypass) and GreenPlasma (privilege escalation), after Patch Tuesday, posing serious security risks for organizations.