GitHub bans security researcher who posted zero-day Windows exploits

possibilistic 290 points 133 comments May 28, 2026
www.tomshardware.com

Discussion Highlights (20 comments)

jrflowers

> forcing them to pack up and move shop to GitLab instead.

https://gitlab.com/nightmare-eclipse

"Blocked user @nightmare-eclipse"

Looks like they're banned on GitLab as well?

cortesoft

Researcher seems a bit unhinged.

0cf8612b2e1e

Surely, the public string of exploits means he can find gainful employment from any of the various spooks?

__d

Shoot the messenger. That’ll fix it.

bitbasher

I can’t help but feel Microsoft will regret this. Guy finds zero days and gets no compensation. Instead gets banned. Guy sells zero days elsewhere.

SXX

This is such a bad idea, and what's the point anyway? Once a 0-day is out, it's out. Almost like trying to censor a leaked HDCP key.

MiscIdeaMaker99

The optics don't look good for Microsoft, but we don't know their side of the story.

SXX

Also recently: Satya Nadella says as much as 30% of Microslop code is written by AI: https://www.cnbc.com/2025/04/29/satya-nadella-says-as-much-a...

embedding-shape

Is there any public word from Microsoft about what is going on here? Why would both Microsoft and Gitlab ban the user? I thought both platforms allowed hosting exploits and security research as long as everything is clearly marked up-front, I'm guessing some rules were broken?

alex1138

Basic conflict of interest stuff; MS owns GH. It's tone-deaf and criminal.

zuzululu

What's the backstory on this researcher? They seem to have a personal vendetta against Microsoft and are thus releasing zero days that they found with the help of AI? Seems like the gold rush period is over for bounty hunters and it's more about who has access to hardware/token capital.

jasonvorhe

Amidst abysmal uptime, Ghostty leaving and now this, GitHub is accelerating their own downfall.

JumpCrisscross

Has Microsoft just created an editorial responsibility for itself to remove zero days from GitHub? If my software winds up with a zero day on GitHub, will Microsoft nuke that account, too?

tptacek

No idea what's happening here, but the First Rule Of Major Bug Bounty Programs is that everybody involved on the vendor side is actively incentivized to pay out. In many cases, there are people whose internal metrics depend on payouts. Payouts are causes for celebration in these programs. Microsoft is almost certainly[†] not trying to save money by screwing over bounty claimants. This might not be true of small companies (and is a reason why small companies shouldn't run bug bounty programs), but it is definitely true of FAANG/MAG7-scale companies. This doesn't mean these bounty programs err on the side of paying out, or that they won't routinely make decisions that will piss you off. It does however work against claims that they're withholding payouts vindictively. [†] Only hedging because it's been a minute since I've talked to anyone at Microsoft.

mschuster91

Lol, they ban a security researcher from GitHub for embarrassing them, but massgrave's Microsoft Activation Scripts isn't just still on GitHub but verified? Make it make sense, Microsoft.

vasco

The NSA isn't even subtle anymore jeez.

rvz

A perfect storm of GitHub's own self-destruction and downfall, all done by themselves. Microsoft is playing with fire against a researcher that has a track record of finding 0-days out of thin air. Quite a dumb thing to do. This researcher should instead pivot to crypto smart contract bounties. A much larger payout there than from companies like Microsoft.

Aurornis

User also got themselves banned from Gitlab, an unrelated company. Their quotes in the article are threatening violence and destruction toward Microsoft. I don’t know what’s going on, but given that they’re getting banned from multiple unrelated organizations and threatening to “crush their bones” and such, I suspect this is probably just a regular old case of someone being abusive and unhinged, getting banned because of it, and then claiming conspiracy. What, exactly, did this person post to GitHub and/or Gitlab that got them banned? We should all know by now that any exploits posted to GitHub are cloned and forked everywhere immediately. Why are these articles so vague about what was posted? Also, these conspiracy theories that the NSA or other .gov is forcing this are quite ridiculous, as it would be infinitely easier for them to just hand the guy a pile of money than to Streisand effect it with a visibly unhinged guy talking about dead man’s switches and crushing bones.

bnagh

Looks like Microslop will have a happy Bastille day. Getting popcorn.

LelouBil

Very important info: https://www.theregister.com/security/2026/05/28/microsoft-0-...

In the linked Microsoft blog post, they say:

> The details of these vulnerabilities were not shared with Microsoft prior to release, and the disclosures put our customers at unnecessary risk.

So are they lying? Why would Nightmare-Eclipse not report them if they are not? It's a very weird situation.
