Microsoft faces backlash after suspending accounts linked to zero-day exploit disclosures: Report

Microsoft is under fire for suspending accounts tied to a researcher using the name Nightmare Eclipse, who has shared proof-of-concept code for software vulnerabilities. The company reportedly disabled the individual’s GitHub, GitLab, and Microsoft Security Response Center accounts, citing a lack of proper coordination in vulnerability disclosures. Microsoft also suggested pursuing criminal charges, drawing backlash from cybersecurity experts. The dispute centers on Nightmare Eclipse’s public posting of exploit code, with Microsoft arguing that responsible disclosure requires prior coordination. Cybersecurity researcher Kevin Beaumont criticized the move, noting that banning the researcher complicates future vulnerability reporting. Beaumont highlighted the irony of Microsoft’s stance, given the researcher’s potential contributions to security improvements. Microsoft’s actions have sparked broader concerns about how tech companies handle vulnerability disclosures. Experts warn that aggressive account suspensions could discourage researchers from reporting critical flaws. The case underscores tensions between corporate security policies and the open sharing of technical findings in the cybersecurity community.