RE: https://c.im/@cdarwin/116660769695837565
One reason that Microsoft might be issuing such harshly worded language here to describe the researcher may be that, according to Nightmare Eclipse, they until recently worked as a security researcher at Microsoft.
Scroll back far enough through their Xitter account (to June 2020) and you will see they claimed CVE-2019-1385 was theirs.
On July 1, 2021, Nightmare Eclipse complained that Microsoft failed to fix one of the weaknesses they reported in CVE-2021-24084. Microsoft credits both of these flaws to the same researcher, whose LinkedIn account says they are in Germany and worked full time at Microsoft from Sept. 2022 to June 2025.
For the record, I think @GossiTheDog called it that this person was a former MS employee.


