What Happened
Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better understand the impact and address them before they are publicly disclosed. The development comes after a researcher named Chaotic Eclipse (aka Nightmare-Eclipse) disclosed details of multiple zero-day
Why It Matters
The article reports that a security researcher publicly disclosed multiple Windows zero-day vulnerabilities (e.g., BlueHammer, RedSun, UnDefend), including proof-of-concept exploits, after alleging breakdowns in Microsoft's vulnerability handling process.[1] Some of these flaws were then actively exploited in the wild, and the researcher's GitHub and GitLab accounts hosting the code were removed or blocked.[1] From a CyberSE.AI perspective, this highlights how uncoordinated disclosure and code-hosting platform policies can rapidly alter the exposure of critical components in an AI supply chain, especially when AI systems depend on the underlying OS, security tools (like Defender, BitLocker), and code repositories for training and deployment. Organizations using AI agents or models on Windows or integrating with GitHub/GitLab should treat coordinated vulnerability disclosure, dependency visibility (SBOM), and continuous security testing as core supply-chain controls to limit cascade risk when zero-days and exploit code are suddenly made public.
CyberSE Analysis
This signal maps to AI supply chain. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.
Recommended Actions
- Restrict AI agent tool permissions and production write paths.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
- Add human approval workflows for high-impact or state-changing actions.
- Run prompt injection and indirect prompt injection tests against affected workflows.
- Document the owner, control gap, and remediation deadline for this risk class.
Source
https://thehackernews.com/2026/05/microsoft-slams-public-zero-day.html