Comment

Explanaiton: Microsoft (MSFT) has a bug bounty program. Meaning researchers that find security vulnerability in Microsoft products can send them to the Microsoft security team and get a money reward. However they use AI to look through the submissions and also get slammed by submissions from AI meaning many of the legitimate vulnerability researchers are very frustrated. Submissions get rejected because they are “not a vulnerability” but one month later Microsoft publishes a patch against the vulnerability without acknowledging the researcher.

NightmareEclipse is a … person … who is frustrated by this. And they have A LOT of really really bad vulnerabilities. Because Microsoft did not want to pay them they just release the previously unknown vulnerabilities to the public. No patches exist. The hackers and Microsoft learn about the vulnerability at the same time.

So far they have released ~10 vulnerabilities in one month and claim they have many more with some big drops apparently coming in July.

Because of this, of course Microsoft is getting a lot of shit from big corporations that are afraid they will get hit with some nasty cyber attacks because of Microsoft’s fuckup.

source

Sort:hotnew top

possiblylinux127@lemmy.zip ⁨3⁩ ⁨days⁩ ago
How much do you want to bet he found government backdoors

While I don’t have much evidence, I suspect they are being pressured into leaving it open

source
- groet@feddit.org ⁨3⁩ ⁨days⁩ ago
  The yellowkey vulnerability might be a backdoor. NightmareEclipse even speculated so in their publication.
  
  This is one of the most insane discoveries I ever found, almost feels like backdoor but what do you know, maybe I’m just insane.
  
  source
  - redsand@infosec.pub ⁨3⁩ ⁨days⁩ ago
    XML looks like one too 😂
    
    source
Areldyb@lemmy.world ⁨3⁩ ⁨days⁩ ago
The much-feared July drops aren’t happening, or at least aren’t happening in July. Apparently whoever Eclipse is hasn’t been getting much sleep.

I’m starting to genuinely struggle with sleep and constant fevers. I feel like my muscles are degenerating as time passes by lack of nutrition and severe fevers, not mention that I just can’t find a reasonable way to put myself as sleep anymore.

The issue of me not sleeping is i end up writing more and more code and it will keep getting worst.

Lord help me.

(Un)fortunately I will be unable to mass disclose zerodays in July 14th, RoguePlanet took way more time than expected and truly drained me. I might take a break but I can’t say for sure what I will be doing for next month, maybe it’s nothing, maybe it’s smtg. But the big thing is not happening. I did not intend to spread a mass panic with that post and I apologize for doing so.

Quotes taken from deadeclipse666.blogspot.com which as far as I can tell is their actual blog.

source
- groet@feddit.org ⁨3⁩ ⁨days⁩ ago
  I feel like they are also doing some misdirection and spread false information. I am sure they are wanted by the FBI and NSA by now so not being predictable is safer.
  
  source
- redsand@infosec.pub ⁨3⁩ ⁨days⁩ ago
  That’s very interesting. They haven’t dropped any RCEs and it very much sounds like they either have something ready or know exactly where to look so I’m still on the edge of my seat. This defiantly doesn’t seem over.
  
  source