Microsoft threatened researcher over Defender and BitLocker bug disclosures
Microsoft is under fire after it threatened a security researcher, "Nightmare Eclipse," for revealing unpatched bugs in Windows Defender and BitLocker.
The company said the researcher did not attempt to report the bugs so that they could be fixed, and warned that sharing exploit details could help hackers. The researcher claims that Microsoft revoked access to their reporting portal and that they had no choice but to release the vulnerabilities publicly.
Microsoft and US confirm vulnerabilities exploited
Both Microsoft and US cybersecurity officials confirmed these vulnerabilities were actually used in real-world attacks.
After Nightmare Eclipse posted their findings online, their GitHub and GitLab accounts were banned.
Cybersecurity pros (including Katie Moussouris, who helped create Microsoft's bug bounty program) called the company's response over the top, saying it might make researchers think twice before reporting bugs in the future.