Microsoft Patches High-Severity Zero-Days Disclosed by Researcher in Ongoing Dispute
Microsoft released fixes for two high-severity zero-day vulnerabilities that were publicly disclosed by a researcher known as Nightmare Eclipse. The researcher claims Microsoft violated an agreement regarding vulnerability handling, leading to the public disclosure with proof-of-concept code. The incident highlights tensions between security researchers and major tech companies over responsible disclosure practices.
Microsoft released patches for two high-severity zero-day vulnerabilities on Tuesday following public disclosure by a researcher operating under the pseudonym Nightmare Eclipse. The researcher has been in a contentious dispute with Microsoft, claiming the company violated an agreement they had made regarding how vulnerabilities would be handled and disclosed. Nightmare Eclipse released multiple high-severity vulnerabilities in recent months, including proof-of-concept code, and attributed the disclosures to Microsoft's alleged breach of their arrangement. According to the researcher's statements, the situation resulted in severe personal consequences, including homelessness. This case exemplifies ongoing tensions in the cybersecurity community regarding responsible disclosure practices and the relationship between independent security researchers and major technology companies.
What's missing
The article does not provide Microsoft's official statement or explanation regarding the alleged agreement violation, nor does it detail the specific nature of the vulnerabilities or their potential impact. Additionally, there is no information about the timeline of events, previous interactions between the parties, or industry standards for vulnerability disclosure agreements.
What different sources said
- Ars TechnicaCenter
Locked in heated rivalry with researcher, Microsoft fixes 0-day they disclosed
Related
Jerusalem Development Authority Chief Reports 400+ High-Tech Firms in City
Tsachi Namir, CEO of the Jerusalem Development Authority, stated at a Jerusalem Post conference in New York that Jerusalem hosts more than 400 high-tech companies and startups, challenging what he described as widespread misconceptions about the city's innovation sector. The city benefits from over 40,000 STEM students and top-ranked universities like Hebrew University, which contribute to its tech ecosystem. Namir's remarks highlight Jerusalem's infrastructure investments in transportation, employment zones, and housing as key drivers for attracting and retaining tech talent.
Apple Delays Siri AI Launch in EU Over Digital Markets Act Compliance Dispute
Apple announced on June 8 that it will not launch its redesigned Siri AI assistant in the European Union as part of iOS 27 and iPadOS 27, citing regulatory disagreements with the European Commission. The dispute centers on the EU's Digital Markets Act (DMA), which Apple says requires it to give virtual assistants direct access to private user data without adequate privacy protections. The delay represents another major clash between Apple and EU regulators over tech regulation, though the company says it will continue engaging with authorities to find a path forward.
EU Orders Meta to Open WhatsApp to Rival AI Chatbots for Free
The European Commission ordered Meta on June 9 to grant rival AI chatbots free access to WhatsApp within five working days as part of an antitrust investigation, or face fines up to 10% of annual turnover. The order follows Meta's October 2025 policy change that effectively blocked third-party AI assistants and a February warning from EU regulators. The EU aims to protect competition in the emerging AI assistant market and prevent large tech incumbents from leveraging past dominance to control innovation.