Microsoft calls zero-day releases ‘never justifiable’ as researcher threatens to drop more
Each vulnerability was published with working proof-of-concept code to the Microsoft-owned code repository GitHub, making them immediately available to both attackers and security professionals.
Microsoft has published its first response to a weeks-long campaign of uncoordinated Windows zero-day releases, condemning the disclosures as “never justifiable” and suggesting that it could bring cases against people who enable cybercrime.
A pseudonymous researcher known as Nightmare Eclipse began releasing the vulnerabilities in April. Each was published with working proof-of-concept code to the Microsoft-owned code repository GitHub, making them immediately available to both attackers and security professionals.
The researcher's GitHub account has since been removed, and their Blogger page, where they have been posting since April, appears to be down as of publication.
Related breach coverage
- Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix2026-05-18
MiniPlasma: a Windows SYSTEM privilege escalation believed patched in 2020 (CVE-2020-17103) is still fully working on every patched Windows 11. Once again, security researcher Chaotic Eclipse has released a proof-of-concept exploit for a new Windows privilege escalation zero-day called MiniPlasma, which can grant attackers SYSTEM privileges on fully patched systems. The flaw affects “cldflt.sys,” the […]
- Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That.2026-05-27
A critical vulnerability, tracked as CVE-2026-45659, in Microsoft SharePoint can allow attackers to achieve remote code execution with little effort. Microsoft released security updates to patch a high-severity SharePoint vulnerability, tracked as CVE-2026-45659 (CVSS score of 8.8), that could allow remote code execution. The flaw does not require complex conditions for exploitation, making it a […]
- Microsoft Calls the Zero-Day Dumps Irresponsible. The Researcher Says Microsoft Started It.2026-05-29
A researcher dropped 6 Windows zero-days with no warning. Three are now exploited in the wild. Microsoft is angry. The researcher says Microsoft ignored them first. Over the past month, a researcher going by Chaotic Eclipse, also known as Nightmare-Eclipse, publicly released details of six unpatched vulnerabilities in Windows components including Defender and BitLocker. No […]
- DirtyDecrypt: PoC Released for yet another Linux flaw2026-05-20
DirtyDecrypt (CVE-2026-31635): working PoC out for a Linux kernel LPE flaw. Missing COW guard in rxgk_decrypt_skb lets local attackers reach root. After Copy Fail, Dirty Frag, and Fragnesia, here comes DirtyDecrypt, another local privilege escalation vulnerability in the kernel, this time with a working proof-of-concept already out in the open. The flaw was discovered and […]