An anonymous security researcher known as "Nightmare-Eclipse" published six zero-day exploits for unpatched Windows vulnerabilities after claiming Microsoft failed to address the reported bugs, prompting Microsoft's Security Response Center to condemn the actions and hint at potential criminal prosecution. This sparked widespread backlash from the cybersecurity community, with prominent researchers arguing that threatening legal action against security researchers discourages responsible disclosure and pushes researchers toward selling vulnerabilities to malicious actors instead. Microsoft subsequently walked back its position, clarifying it had no intention of pursuing action against researchers conducting legitimate security research.
