RC RANDOM CHAOS

GitHub Bans Researcher Behind Windows Zero-Day Drops, Promises July Retaliation

via Hacker News

Original source

GitHub bans security researcher who posted zero-day Windows exploits

Microsoft has banned the GitHub account of researcher Nightmare-Eclipse (also known as Chaotic Eclipse), who has published at least six unpatched Windows zero-days since April, including BlueHammer, RedSun, UnDefend, GreenPlasma, MiniPlasma, and a BitLocker bypass dubbed YellowKey. Three of the exploits are already being used in the wild. Eclipse has decamped to GitLab and claims Microsoft also nuked the account they were using to file MSRC reports, accusing the company of stiffing them on bounties that can reach $250,000 for Hyper-V breaks. They’ve threatened a fresh wave of drops on July 14, which happens to be the month’s Patch Tuesday.

The dispute is messy. Eclipse’s blog posts are emotionally charged and short on specifics, and Microsoft is saying nothing, leaving outsiders unable to judge whether MSRC mishandled valid submissions or whether the researcher refused to follow the disclosure process. Former CERT/CC veteran Will Dormann suggests MSRC’s quality has cratered since layoffs replaced experienced triagers with people mechanically enforcing new requirements like mandatory exploit videos, which would plausibly explain a closed case.

Whichever side is more at fault, banning the researcher’s repo is bad optics and bad security: the proof-of-concept code is already mirrored elsewhere, the underlying bugs remain unpatched, and the move reads as retaliation against disclosure rather than a response to it. It also underscores the structural problem of a single vendor controlling both the OS being attacked and the dominant code-hosting platform researchers use to publish against it.

This is an AI-generated summary. Read the original for the full story.