The software giant Microsoft has found itself at the epicenter of a grand scandal after entering into an open war with an independent cybersecurity expert. Instead of fixing critical flaws in its Windows operating system, the technology corporation decided to wag its finger and threaten the person who discovered them with a lawsuit. Matters reached this point after the company deliberately ignored the official defect reports sent by the specialist for months.
Many define this as an extremely ugly manifestation of corporate arrogance! At the heart of the conflict is the white hat hacker known on the Internet by the pseudonyms Chaotic Eclipse and Nightmare Eclipse. He came across terrible vulnerabilities in the built-in antivirus software Defender and in the BitLocker disk encryption tool. The researcher tried to submit his reports through the official Microsoft Security Response Center, hoping for an adequate response and a well-deserved financial reward. Instead, however, his account was brutally deactivated by the moderators. Left with his hands tied and without any access to the portal, he took the ultimate step: he published the demonstration exploit code on the GitHub and GitLab platforms, turning the vulnerabilities into real and dangerous zero-day threats for millions of users.
Microsoft's reaction was not long in coming and was surprisingly aggressive. The corporation issued an official statement accusing the expert of acting irresponsibly and, in effect, adding fuel to the fire by helping cybercriminals. Redmond, citing data from the US Cybersecurity Agency (CISA), announced that some of the holes revealed by Nightmare Eclipse are already being exploited in real hacker attacks. To top it all off, Microsoft threatened to involve international law enforcement agencies, and the researcher's GitHub and GitLab profiles were promptly deleted from the virtual space.
Colleagues from the authoritative publication TechCrunch report that the actions of the software giant have unleashed a wave of discontent among the cybersecurity community. Prominent figures in the industry immediately jumped to the defense of the blocked analyst. The founder of Luta Security and a former Microsoft employee, Katie Moussouris, described the threats of imprisonment as absurd and warned that such behavior would only undermine the already shaky trust in the company. Her opinion was supported by another iconic Redmond veteran, Kevin Beaumont. He called his former employer's position an "own goal" and emphasized that attempts to criminalize researchers who simply prove the existence of defects are an absolute new low in the technology industry.