May 30, 2026, 10:41 am
A public conflict between Microsoft and the security expert known as Chaotic Eclipse is escalating. After the researcher repeatedly pointed out security vulnerabilities in Windows 11 over the past few months, their GitHub account has now been suspended. Chaotic Eclipse had published programs on GitHub that demonstrated these vulnerabilities.
Microsoft Responds to New Security Flaw
The security flaw “YellowKey” is considered a possible trigger for the suspension. Following the previously disclosed vulnerabilities “BlueHammer” and “RedSun,” Chaotic Eclipse also made this issue public. The flaw allows bypassing BitLocker encryption to access Windows system drives.
The vulnerability was rated with a CVSS score of 6.8, classified as “moderate.” However, an attack requires direct access to the affected device. In a support document, Microsoft explicitly references the disclosure by Chaotic Eclipse.
The company describes this as a “violation of best practices for coordinated vulnerability disclosure.” Typically, to protect users, affected companies only make vulnerabilities public after they have been resolved.
GitHub Account Disappears
Shortly after this accusation, Chaotic Eclipse’s GitHub account was apparently deleted. GitHub, owned by Microsoft since 2018, is one of the most important platforms for developers, where users can store, publish, and share code with others.
The programs provided by Chaotic Eclipse were also distributed via GitHub. Microsoft apparently sees a problem in this, as the programs practically demonstrate the reported vulnerabilities, which could also be used by cybercriminals. At the same time, such disclosures increase the pressure on companies to close known security gaps more quickly.
Accusations Against Microsoft
Chaotic Eclipse recently drew attention by demonstrating a flaw that Microsoft claimed had been fixed years ago. According to the security researcher, however, the flaw still exists.
The suspension of the GitHub account prompted strong criticism from Chaotic Eclipse. In a blog post, the individual accuses Microsoft of defamation. Additionally, Microsoft is said to have previously blocked access to the Microsoft Security Response Center (MSRC), a platform where users can report security vulnerabilities to the company. According to Chaotic Eclipse, Microsoft also refused direct communication.
Announcement of Another Revelation
The latest blog post contains a particularly striking passage. Chaotic Eclipse writes: “Microsoft still keeps me in chains–this has been going on for years, and I just can’t stay silent any longer.” At the same time, the individual announces a major, “bone-chilling” revelation for July 14, 2026.
This has led to speculation about the identity of the security researcher. Since it remains unknown, it is unclear whether the person is a current or former employee of the company.
Competing Platform Also Suspends Account
After losing the GitHub account, Chaotic Eclipse opened an account on the platform GitLab. However, that account has also been suspended.
It remains unclear why the suspension occurred. Whether Microsoft was involved or whether the platform itself found a violation of its guidelines is currently unknown.