GitHub has suspended a security researcher's account after they published proof-of-concept exploits for Windows zero-day vulnerabilities. The researcher claims the ban is retaliation for exposing flaws Microsoft failed to address.
Microsoft's GitHub platform removed the researcher's account following posts containing working exploits for unpatched Windows security vulnerabilities. The researcher alleges the ban stems from Microsoft's handling of the vulnerability disclosure process and claims the company ignored responsible reporting attempts.
According to the researcher, Microsoft declined to address the security issues within standard timeframes, prompting the decision to publish the exploits. They characterize GitHub's enforcement action as vindictive and suggest further escalation could follow.
The incident raises ongoing tensions in the cybersecurity community around vulnerability disclosure policies. Security researchers often face difficult choices when vendors fail to patch known flaws: remain silent while systems remain vulnerable, or publish details that help defenders understand risks while potentially aiding attackers.
GitHub's terms of service prohibit posting exploits and malicious code, giving the platform grounds for enforcement. However, researchers argue such policies can conflict with public safety when vendors neglect patches.
The case reflects broader friction between technology companies and security researchers. Microsoft has faced previous criticism over slow patch cycles and communication gaps during vulnerability management. Researchers increasingly question whether traditional disclosure timelines work when companies deprioritize fixes.
The suspension highlights the power dynamics at play: GitHub controls the primary platform many researchers use to share work, while researchers depend on these channels to coordinate around critical security issues.
No official statement from Microsoft or GitHub addressing specific details has been released. The incident drew attention across security forums, with some supporting the researcher's position while others argue published exploits pose legitimate risks regardless of underlying disputes.
SAP released security updates for 16 vulnerabilities in July 2026, including three critical flaws affecting NetWeaver, Commerce Cloud, and AppRouter. The patches address risks across multiple enterprise software components.
Two newly discovered phishing kits, Jalisco and OmegaLord, are actively targeting Microsoft 365 accounts with techniques designed to circumvent multi-factor authentication protections.
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and one entity for enabling ransomware attacks against American organizations. The action targets infrastructure providers facilitating cyber threats.
As scam calls and messages proliferate, ordinary people are turning the tables on fraudsters through scambaiting—deliberately engaging scammers to waste their time and resources.