A cybersecurity feud is heating up around the so-called “zero time gap” disclosure controversy. Researcher Chaotic Eclipse (Nightmare-Eclipse) began posting Windows-related vulnerabilities in early April: BlueHammer, RedSun, UnDefend, YellowKey, plus GreenPlasma and MiniPlasma, each tied to different CVEs. As the list grew, Microsoft finally pushed back, arguing the researcher published without proper coordination and calling it an unnecessary security risk.

Microsoft’s stance is laid out in MSRC’s response (May 27). MSRC claims the disclosure was irresponsible because it lacked sufficient vendor communication and collaboration. It also signals that, through its digital crimes investigation efforts, it is tracking individuals who enable cybercrime, and that it may coordinate with global law enforcement. So this isn’t just internet drama; it’s a legal-and-enforcement message.

The plot thickens: reports say the researcher’s Microsoft notification accounts were deleted, followed by GitHub removal. He reportedly migrated repos to GitLab, then claimed he’d “take action” on July 14. Meanwhile, Barracuda speculates about his possible ties to Microsoft, though others frame him as an unfairly treated “community hero.”

Who’s right about coordinated disclosure? The next updates should be telling.

#Cybersecurity #VulnerabilityDisclosure #MSRC #WindowsSecurity #BugBounty #ThreatIntelligence