I can’t help but feel Microsoft will regret this.
Guy finds zero days and gets no compensation. Instead gets banned.
Guy sells zero days elsewhere.
Not to mention all the other people who find 0-days. Reputation matters a lot.
What's the backstory on this researcher? They seem to have a personal vendetta against Microsoft and are thus releasing zero days that he found with the help of AI?
Seems like the gold rush period is over for bounty hunters and it's more about who has access to hardware/token capital.
> They seem to have a personal vendetta against Microsoft
Probably because they were forced to use MS-DOS when so many better options were killed off by Microsoft's monopolistic and anti-consumer underhanded business tactics...
I might be projecting.
The researcher's own statements note that the zero days were not found with AI.
And honestly I think that's the part that Microsoft is most upset about, because every internal partner conversation I've had has been about needing to buy Security Copilot because all the advanced attacks are coming from AI, and just suggesting vulnerabilities existed before AI seems to make salespeople uncomfortable continuing the conversation.
Is there any public word from Microsoft about what is going on here? Why would both Microsoft and Gitlab ban the user? I thought both platforms allowed hosting exploits and security research as long as everything is clearly marked up-front, I'm guessing some rules were broken?
Well if it’s a full disk encryption exploit that still requires hardware access I imagine it would have been made for a 3-letter govt org or something
Shoot the messenger. That’ll fix it.
Also recently:
Satya Nadella says as much as 30% of Microslop code is written by AI:
https://www.cnbc.com/2025/04/29/satya-nadella-says-as-much-a...
“Recently” this was a year ago - it’s probably more like 95% now
I think you're going down a bad route when you start inserting gratuitous insults into your summaries of what other people said.
Researcher seems a bit unhinged.
That may go with the task of looking for low-level security holes.
Or being forced into homelessness by Microsoft
Takes a certain kind of crazy to pay your bills with bug bounties.
sanity isn't his job
Amidst abysmal uptime, Ghostty leaving and now this, GitHub is accelerating their own downfall.
Surely, the public string of exploits means he can find gainful employment from any of the various spooks?
The optics don't look good for Microsoft, but we don't know their side of the story.
It doesn't really matter. Banning someone's GitHub account changes literally nothing and it's another proof Microsoft is not to be trusted as steward of open source platform.
> forcing them to pack up and move shop to GitLab instead.
https://gitlab.com/nightmare-eclipse
Blocked user @nightmare-eclipse
Looks like they’re banned on GitLab as well?
I suspect MS threatened them with a SmartScreen blackhole for the domain, I'm not surprised they pulled it.
I don’t like the idea Microsoft can bully other websites into blocking content they don’t like.
Do we have any evidence they did that other than the comment you replied to speculating?
This is such a bad idea and what's the point anyway? Once a 0-day is out, it's out.
Almost like trying to censor a leaked HDCP key.
Basic conflict of interest stuff
MS owns GH. It's tone-deaf and criminal