In recent news, Microsoft has come under scrutiny for its response to zero-day exploits. A mysterious figure known as Nightmare Eclipse has been at the center of controversy, publicly sharing exploit codes that target vulnerabilities in Microsoft’s systems. There are speculations that Nightmare Eclipse could be a former disgruntled employee based on the nature of their posts.

One of the key points that caught the attention of cybersecurity researcher Kevin Beaumont is Microsoft’s response to the situation. The tech giant has hinted at pursuing a criminal case against Nightmare Eclipse for not adhering to standard vulnerability disclosure protocols. Additionally, Microsoft has taken action by disabling Nightmare Eclipse’s accounts on platforms like GitHub, GitLab, and the Microsoft Security Response Center, making it challenging for them to report future vulnerabilities.

Kevin Beaumont also raised concerns about Microsoft’s hiring practices, pointing out that the company has employed individuals who have engaged in similar activities as Nightmare Eclipse. Some of these employees have a history of publicly sharing zero-day exploits and even have criminal hacking convictions. Microsoft has even been known to purchase exploits from third-party brokers, further complicating the situation.

The decision by Microsoft to potentially criminalize individuals for not following disclosure frameworks has raised eyebrows. It remains to be seen how such actions would hold up in a legal setting, given the company’s own history of dealing with similar issues. Transparency and accountability will be crucial in navigating this complex landscape.