Explanaiton: Microsoft (MSFT) has a bug bounty program. Meaning researchers that find security vulnerability in Microsoft products can send them to the Microsoft security team and get a money reward. However they use AI to look through the submissions and also get slammed by submissions from AI meaning many of the legitimate vulnerability researchers are very frustrated. Submissions get rejected because they are “not a vulnerability” but one month later Microsoft publishes a patch against the vulnerability without acknowledging the researcher.
NightmareEclipse is a … person … who is frustrated by this. And they have A LOT of really really bad vulnerabilities. Because Microsoft did not want to pay them they just release the previously unknown vulnerabilities to the public. No patches exist. The hackers and Microsoft learn about the vulnerability at the same time.
So far they have released ~10 vulnerabilities in one month and claim they have many more with some big drops apparently coming in July.
Because of this, of course Microsoft is getting a lot of shit from big corporations that are afraid they will get hit with some nasty cyber attacks because of Microsoft’s fuckup.
Lojcs@piefed.social 3 weeks ago
I haven’t not understood a meme so much in a while
plateee@piefed.social 3 weeks ago
I think it’s regarding a Microsoft security researcher who is on a hot streak for exploits.
https://www.darkreading.com/vulnerabilities-threats/nightmare-eclipse-microsoft-exploit-rogueplanet
bizarroland@lemmy.world 3 weeks ago
I haven’t followed your link yet, but this did remind me that the gossip about this is that Microsoft intentionally made these vulnerabilities for spying on people for governments, and he’s dropping all of the exploits on them, forcing them to have to patch them out.