Microsoft breaks silence on vindictive researcher Nightmare-Eclipse . . . Microsoft Security Response Center (MSRC) released a defensive blog post calling out the vindictive anonymous security researcher, known as Nightmare-Eclipse, for bypassing coordinated disclosure Behind the corporate language, the message is clear: Microsoft wants researchers to stay in their lanes
Nightmare-Eclipse: six zero-days, six weeks and one big grudge Nightmare-Eclipse (Dead Eclipse, Chaotic Eclipse, Eclipse) is a malicious actor who has released six Windows zero-day exploits since early April 2026 in what multiple researchers describe as an escalating retaliatory campaign against Microsoft
GitLab Suspends Windows Exploit Researcher Nightmare-Eclipse After . . . The anonymous researcher known as Nightmare-Eclipse has been blocked from two major code-hosting platforms in less than a week, as their disruptive public zero-day campaign against Microsoft draws serious real-world consequences
Microsoft 0-day feud escalates as researcher threatens another Windows . . . The ongoing saga of Microsoft versus Nightmare Eclipse (aka Chaotic Eclipse), the disgruntled bug hunter with a deep understanding of Windows and an even deeper grudge against Microsoft, reached a fever pitch, with the researcher, who has thus far released six Windows zero-days, promising a “bone
Nightmare-Eclipse Tooling Seen in Real-World Intrusion | Huntress Chaotic Eclipse, also referred to in some places as Nightmare-Eclipse, is an alias for a security researcher who became frustrated with how Microsoft was handling the vulnerability disclosure processes
Nightmare Eclipse Windows Zero-Day: GitHub GitLab Bans, Patch Timeline . . . Nightmare Eclipse, the Windows zero-day researcher also known as Chaotic Eclipse and Dead Eclipse, was removed from GitHub around May 23 and GitLab on May 26–27, 2026, after publishing weaponized exploit code and threatening a July 14 release aimed at Microsoft The dispute is now bigger than a single banned account or an ugly blog post