Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash
Microsoft responds to backlash over its threats of legal action against researchers who publicly disclose zero-day vulnerabilities. The post Microsoft Tries to Calm Legal Threat Fears After Zero-Day Disclosure Backlash appeared first on SecurityWeek.
Microsoft has responded to backlash over its threats of legal action against researchers who publicly disclose zero-day vulnerabilities without coordinated notification.
The controversy concerns a researcher known online as Chaotic Eclipse and Nightmare Eclipse, who in recent weeks disclosed the details and proof-of-concept (PoC) exploits for several unpatched vulnerabilities affecting Microsoft products.
Details remain unknown, but it appears there was a disagreement between the researcher and Microsoft during a vulnerability disclosure process. The researcher then decided to release the details of several vulnerabilities that had not been reported to Microsoft.
Related breach coverage
- The Zero-Knowledge Threat Actor and the End of Responsible Disclosure2026-06-02
AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. The post The Zero-Knowledge Threat Actor and the End of Responsible Disclosure appeared first on SecurityWeek.
- Microsoft says it will not pursue security researchers after zero-day backlash2026-06-01
Microsoft said it is taking the feedback seriously, adding: “To be clear about our approach to legal matters, we have no intention to pursue action against individuals conducting or publishing their security research.”
- Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis2026-06-02
As AI shortens the path from vulnerability disclosure to exploitation, researchers disagree on whether the problem is inadequate security tools or inadequate operational control. The post Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis appeared first on SecurityWeek.
- Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities2026-06-02
Google says the Android vulnerability CVE-2025-48595 has been exploited in limited, targeted attacks. The post Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities appeared first on SecurityWeek.