this post was submitted on 11 Jun 2026
181 points (100.0% liked)

PC Master Race

[–] p03locke@lemmy.dbzer0.com 14 points 13 hours ago

"Angry bug hunter with Microsoft beef"? You mean Nightmare Eclipse? She's dropped so many 0-days that she's practically famous at this point.

[–] ChunkMcHorkle@lemmy.world 6 points 12 hours ago

This is not all they have to say, either. Their blog: https://deadeclipse666.blogspot.com/

As LBJ once noted of a detractor, "It's probably better to have him inside the tent pissing out, than outside the tent pissing in."

The slop company should have just paid them.

[–] quick_snail@feddit.nl 1 points 9 hours ago

Collaborative Translation Framework

Heh, wanna hack a CTF?

[–] MehBlah@lemmy.world 16 points 18 hours ago* (last edited 18 hours ago)

Fuck you pay me! The slop company did not pay up and now they are paying for it.

[–] VitoRobles@lemmy.today 63 points 1 day ago (2 children)

This is not surprising.

The industry knowledge had by the thousands of engineers laid off has to go somewhere.

[–] slazer2au@lemmy.world 66 points 22 hours ago (2 children)

Well, when you report a bug to MS and they respond by disabling your account, and you then release the 0day, then MS responds with a public blog post saying people who release 0 days are breaking the law and liable for legal action. Of course you then drop a second 0day, and MS responds by retracting the legal threat, so you now drop a third one while your account to report these bugs is still disabled. What else would you do?

[–] HAL_9_TRILLION@lemmy.dbzer0.com 19 points 19 hours ago (1 children)

lol is this cheaper than just paying the fucking bounty? I'm beginning to wonder.

[–] quick_snail@feddit.nl 4 points 9 hours ago

How could it be? Any news is good news.

Companies who use Microsoft don't care about security

[–] pivot_root@lemmy.world 37 points 22 hours ago (2 children)
[–] redsand@infosec.pub 7 points 12 hours ago* (last edited 12 hours ago)

They did. This is the 7th, with more to come.

2nd bitlocker backdoor

[–] slazer2au@lemmy.world 16 points 21 hours ago

I look forward to it.

[–] calcopiritus@lemmy.world 47 points 22 hours ago* (last edited 22 hours ago) (1 children)

This is not about that. This is about a security researcher that wasn't paid by Microsoft's bug bounty program when they found a security bug.

Bug bounty programs exist to prevent this exact scenario. To give people a reward for privately disclosing the vulnerability with the devs instead of publicly/to a bad actor.

[–] Rothe@piefed.social 8 points 17 hours ago* (last edited 17 hours ago) (1 children)

AMD fucked up recently about that as well. It seems big tech is getting so arrogant and so far up its own ass that they can't even admit to bugs anymore, which is problematic considering their sloppy AI slop never had so many bugs as it does now.

[–] p03locke@lemmy.dbzer0.com 1 points 13 hours ago (1 children)

which is problematic considering their sloppy AI slop never had so many bugs as it does now.

Honestly, it's the opposite: AI is exposing so many bad security bugs that they are having a hard time keeping up.

[–] mnemonicmonkeys@sh.itjust.works 1 points 1 hour ago (1 children)

That's overblown. Yes, people are finding security bugs with AI; you will always get that when adding new tests with a different perspective. But the "having a hard time keeping up" comes from the AI constantly spamming devs with duplicate issues.

[–] p03locke@lemmy.dbzer0.com 1 points 25 minutes ago* (last edited 24 minutes ago)

NIST has already updated their CVE policies because of "record CVE growth".

This change is driven by a surge in CVE submissions, which increased 263% between 2020 and 2025.

Hmmmm, I wonder wtf happened during those years?

[–] DoucheBagMcSwag@lemmy.dbzer0.com 6 points 18 hours ago (1 children)

Now can we get this with the PS5 already???

[–] pinball_wizard@lemmy.zip 5 points 14 hours ago

Yes. I do hope Sony finds a way to piss off this penetration tester. Maybe their computers get fucked up, and they'll finally apologize for fucking mine up. Lol.