惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Scott Helme
Scott Helme
N
Netflix TechBlog - Medium
AI
AI
Security Latest
Security Latest
GbyAI
GbyAI
P
Proofpoint News Feed
Y
Y Combinator Blog
A
Arctic Wolf
G
Google Developers Blog
U
Unit 42
爱范儿
爱范儿
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
V
Vulnerabilities – Threatpost
Know Your Adversary
Know Your Adversary
Cisco Talos Blog
Cisco Talos Blog
T
Tor Project blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Threatpost
L
Lohrmann on Cybersecurity
C
CERT Recently Published Vulnerability Notes
C
Check Point Blog
B
Blog RSS Feed
The GitHub Blog
The GitHub Blog
Microsoft Azure Blog
Microsoft Azure Blog
博客园 - 【当耐特】
博客园 - Franky
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
C
Cisco Blogs
云风的 BLOG
云风的 BLOG
NISL@THU
NISL@THU
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Microsoft Security Blog
Microsoft Security Blog
T
The Blog of Author Tim Ferriss
阮一峰的网络日志
阮一峰的网络日志
Latest news
Latest news
L
LINUX DO - 最新话题
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
美团技术团队
WordPress大学
WordPress大学
L
LangChain Blog
Stack Overflow Blog
Stack Overflow Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
酷 壳 – CoolShell
酷 壳 – CoolShell
大猫的无限游戏
大猫的无限游戏
The Hacker News
The Hacker News
Simon Willison's Weblog
Simon Willison's Weblog
V
V2EX
Project Zero
Project Zero
博客园_首页

The Stack

How Lloyds has transformed its trusted critical data for AI Micron's revenue surges with no end to the memory shortage in sight Ubiquiti UniFi OS vulnerabilities exploited in the wild Mistral's new OCR 4 model shows size matters EU approves €76m in state aid for chip testing firm Even FedEx is a winner of the data centre boom Why AWS thinks AI coding assistants need a new place to run Why China is forging closer ties with open-source foundations China's CPU-only supercomputer tops power list Runtime: Why 'Bring-your-own-Cloud' is taking off; the TRAIT&R framework for agents, and... AWS adds yet another security tool to speed up patching Scattered Spider: UK teen pleads guilty to TfL attack OSS security finally gets a Magic Quadrant Places for People forking out £60m for new ERP system Google offers ATT&CK for bad AI, with surging cost forecast STACKUP: The Stack's weekly tech startups and funding wrap Bring Your Own Cloud: why more enterprises are buying in AWS takes NVIDIA "G7" Blackwell instances GA Runtime: Vercel sets up a new framework for agents, Databricks finds a new Genie, and… Borussia Dortmund's IT head has to sometimes think "outside of the box" Accenture stumbles after Middle East, AI, merger questions Cabinet Office offering £100k+ for AI "ambassador" Critical Splunk Enterprise vulnerability being exploited Accenture buys majority stake in OT security company Dragos npm's security rethink, Satya’s warning, a COBOL win, and... US spending billions to counter China's tech influence NatGeo Society CTO on migrating 15 years of video data to the cloud Alibaba opens French data centres in Europe cloud push SpaceX to take over Cursor in $60bn play for AI coding market Hosting firm Hetzner hikes prices sharply amid supply chain pain HSBC's CIO: AI is easy. True impact is hard. Databricks' Ali Ghodsi: 'Your processes have to change' Rackspace’s "30MW" AMD deal: The devil's in the details The Stack acquires Runtime What is npm doing to protect the JavaScript ecosystem Ron van Kemanade, Group COO, Lloyds, on agents, COBOL, IAM. Langflow instances are getting exploited – again Red Hat's $5 billion answer to Mythos: fix all the code OpenAI acquires German startup to spin up cloud dev environments for better agent control STACKUP: The Stack's weekly tech startups and funding wrap Microsoft CEO warns over concentrated AI model dependency Internet pillar cURL takes a summer holiday from security Anthropic knee-capped by abrupt export controls Months after losing its CEO, now Adobe's CFO gets poached Oracle zero-day exploited for nearly two weeks by Shiny Hunters HM Treasury needs a new CTO, the salary is below average AMD joins UK's Sovereign AI train with Cambridge "AI lab" Oracle PeopleSoft vulnerability exploited: 100s reported hit Oracle reports a $638 billion backlog The UK wants to record court hearings - but not an actual plan Bank of England restarts stalled £24m data collection refresh Anthropic warns LLMs can crank out N-day exploits cheap and fast Defender under Attack: June's Patch Tuesday in the spotlight The CISO needs to get focused on business resilience LibreOffice denounces Euro-Office as Microsoft Trojan Horse Apple's revamped Siri AI leans on Google models and cloud AI could be driving IT hiring in Europe, new report finds UK calls for “device-based” nude controls Cult browser project Ladybird cuts off code community UK gets $1.5bn AI Hardware Plan, and a big-coalition sovereign model plan too STACKUP: The Stack's weekly tech startups and funding wrap Fake IT support staff are walking in to US law firms to steal data Apple found a way to sharply cut token use Apache Livy graduates to Top-level project for Spark support Supabase raises $500m, looks to horizontal Postgres scaling GitLab Field CTO on unlikely customers pulling ahead with AI Killing the card? The UK’s banks eye a payments revolution MPs call on UK government to drop £330m Palantir-NHS deal The Tokenomics Foundation is coming for AI Finops Microsoft's new models give it a better moat The EU dropped its latest tech sovereignty package – what to know HMRC digital transformation: new customer service platform Tokenmaxxing is dead. Finops for AI is emerging slowly. This database company wants to take on Palantir ChatGPT 5.5 and Codex now on Bedrock for easy AWS access Multicloud gets sweeter with a 500 Mbps free private link Alphabet raising $80bn to keep up with ballooning AI CapEx How to get visibility and isolation for AI in Kubernetes Red Hat packages injected with worm in supply chain attack STACKUP: The Stack's weekly tech startups and funding wrap Dell COO says “pain” of price hikes will continue NVIDIA, MS tease tighter agent-native security primitives in Windows Sumedh Thakar: CISOs need to think Shock, WoW, and "AWE" IBM to put $5bn and 20,000 engineers into OSS security fight MongoDB eyes more federal work, snaps up partner Clarity Chinese cyber victims overlapping with industrial strategy - ESET Microsoft stirs a hornets nest over “criminal” zero day disclosure threats Snowflake's AI coding tool is "flywheel" for data platform “Headless” Salesforce hits 1 trillion API calls MySQL gets a foundation with no Oracle, but Alibaba presense GCHQ teases “blueprint” for national AI cyber defense BNP Paribas moves to “zero copy” data model Snowflake joins US federal discount scheme Can Dropbox's new CEO save it from stagnation? Zscaler CEO drools over Mythos tailwind, but Jason's and Joe's departures spook markets Google chases a Kubernetes moment for AI agents UKHSA sticks with Oracle after outsourcing payroll Lenovo eyes “personal AI super agents” in $100 billion drive US eyes physics-based safeguards for water cyber threats Accenture beats IBM in Post Office's latest bid to ditch Horizon
Microsoft turns down temperature amid Nightmare Eclypse row
The Stack · 2026-06-01 · via The Stack

Microsoft Security Response Center (MSRC) on May 27 appeared to threaten legal action over the uncoordinated disclosure of six impactful zero days.

Now it’s trying to turn down the temperature. 

The central security team has faced a public barrage of criticism from a security researcher going by the handle Nightmare Eclipse/Chaotic Eclipse.

The researcher, believed to be young, alleges that MSRC has attempted to muzzle them – ultimately shutting down their GitHub and GitLab accounts after they publicly posted a flurry of exploits for bugs they had found.

In a May 27 blog, MSCR had pointed specifically to the ongoing situation and then commented that “Our security teams across the company work tirelessly tracking threat actors who look for weaknesses just like these…Our Digital Crimes Unit will continue bringing cases against these actors.”

“Literally gave me free vulnerabilities”

Many in the security community took that as a highly regressive threat to penalise public bug disclosure outside of MSRCs “coordinated vulnerability disclosure” (CVD) programme.

In a show of solidarity, some even gifted potentially valuable (under bug bounty programmes) bugs to the researcher.

(As Nightmare Eclypse wrote on May 29: “Soooo, something extremely funny is happening. After the recent events, multiple researchers reached out to me and some just literally gave me free vulnerabilities…”) 

MSRC now says it is “listening to the conversation around coordinated disclosure and the relationship between security researchers and vendors. We recognize that this relationship is both critical and, at times, fragile.”

"No intention to pursue action..."

In a post on social media today, Redmond’s team added: “We deeply value the security community, and will continue to take your feedback seriously. To be clear about our approach to legal matters, we have no intention to pursue action against individuals conducting or publishing their security research. 

“When an individual breaks the law and engages in malicious activity causing real harm to our customers, we will work with law enforcement as appropriate. We recognize the work that goes into researching and submitting a vulnerability. We are committed to approaching every interaction with transparency, clear communication, and professionalism.”

“We acknowledge that some interactions have fallen short and are working to learn from them… We are committed to maintaining a constructive and respectful relationship and growing together. We know that, given the nature of this work, there will at times be misunderstandings. We remain committed to engaging in good faith and to providing a respectful and professional experience for all researchers, regardless of past interactions.”

The precise nature of Nightmare Eclypse’s relationship with Microsoft and their identity remain closely guarded. They have disclosed a series of highly novel vulnerabilities including a complete bypass of BitLocker encryption. 

The vulnerability, tracked as CVE-2026-45585 effectively makes any lost or stolen laptop a data breach incident and, as Microsoft admits, means a “successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.” 

Other exploits published by the researcher let attackers abuse a trio of Microsoft Defender vulnerabilities, tracked as RedSun (CVE-2026-41091) , UnDefend (CVE-2026-45498) and BlueHammer (CVE-2026-33825) for privilege escalation and have since have been exploited in the wild.