A security researcher who posted about a zero-day vulnerability in Windows claims he was 'banned from GitHub in retaliation from Microsoft.'

GitHub, a subsidiary of Microsoft, has reportedly suspended the account of security researcher Nightmare-Eclipse, who had been publishing a series of zero-day vulnerabilities in Windows. The specific reason for the suspension has not been revealed, and he reported that he had moved his base of operations to GitLab, but his account was subsequently banned from GitLab as well.

Nightmare Eclipse: July 14th
https://deadeclipse666.blogspot.com/2026/05/july-14th.html

Microsoft's GitHub bans security researcher who posted zero-day Windows exploits because company 'ruined their life' — expert claims action is vindictive and promises further retaliation | Tom's Hardware
https://www.tomshardware.com/tech-industry/cyber-security/microsofts-github-bans-security-researcher-who-posted-zero-day-windows-exploits-because-company-ruined-their-life-expert-claims-action-is-vindictive-and-promises-further-retaliation

Nightmare-Eclipse had previously disclosed a privilege escalation exploit related to Windows Defender in April 2026, and a vulnerability in May 2026 that allowed access to BitLocker-protected drives via an external USB flash drive.

A vulnerability has been discovered that allows access to Microsoft BitLocker-protected drives using only files on a USB drive, without the recovery key - GIGAZINE

This incident occurred amidst the ongoing conflict between Nightmare-Eclipse and Microsoft. In his blog, Nightmare-Eclipse claims that Microsoft has not responded to his inquiries and that the Microsoft account he used to report vulnerabilities has been deleted.

According to Nightmare-Eclipse, his GitHub account was flagged and removed from public view, which he claims is a retaliatory measure by Microsoft. He also claims he did not receive any rewards for reporting bugs, expressing his dissatisfaction with the Microsoft Security Response Center (MSRC) bug bounty program.

The conflict is said to have surfaced around April, when he publicly disclosed a zero-day Windows vulnerability called 'BlueHammer' without prior warning. Nightmare-Eclipse's blog post doesn't reveal the specifics of the conflict, but it is clear he is furious, saying things like, 'Microsoft told me directly, 'We're going to ruin your life,' and that's exactly what happened,' 'There's some kind of dead man's switch,' and 'I'm going to smash Microsoft's bones to pieces.'

Furthermore, in a blog post dated May 23, Nightmare-Eclipse announced that he would release more information on July 14. In the same post, Nightmare-Eclipse referred to the denial-of-service vulnerability in Microsoft Defender, ' CVE-2026-45498, ' as 'UnDefend,' and the vulnerability in Microsoft Malware Protection Engine, ' CVE-2026-41091 ,' as 'RedSun.' He initially advised users to migrate to GitLab, but it has since been reported that his GitLab account was also banned .

Meanwhile, in a blog post dated May 27 , Microsoft claimed that details about RedSun, UnDefend, BlueHammer, YellowKey, GreenPlasma, and MiniPlasma were not shared with Microsoft before their public release, and that this was not in line with coordinated vulnerability disclosure. However, they did not clarify the reason for the suspension of the GitHub account or the details of the Microsoft account deletion that Nightmare-Eclipse claims. Tom's Hardware commented that 'the suspension of the GitHub account looks bad and has little security effectiveness since the code already exists elsewhere.'

Security expert William Doman said that while MSRC was once an excellent point of contact, the decrease in skilled security engineers means that they may now only be following procedures. Doman stated, 'If a vulnerability reporter refused to submit a proof-of-concept video, Microsoft may have closed the case.'