Kevin Beaumont
Coverage of Kevin Beaumont in the Nexus archive.
- Microsoft reaches for olive branch after public dustup with 0-day researcher
Microsoft softened its stance after initially threatening legal action against researcher Nightmare-Eclipse for publicly disclosing Windows zero-day vulnerabilities. The researcher released exploit code, prompting Microsoft to face backlash from the security community. Microsoft's updated statement emphasized no legal pursuit against security researchers but stopped short of addressing specific allegations.
- Microsoft is threatening legal action for disclosing exploits
Microsoft is facing criticism for threatening legal action against an individual who disclosed zero-day exploits. Nightmare Eclipse, a user, posted proof-of-concept exploit code, prompting Microsoft to disable their GitHub, GitLab, and Microsoft Security Response Center accounts. Cybersecurity researcher Kevin Beaumont highlighted Microsoft's response as a point of concern.
- NGINX Rift attackers waste no time targeting exposed servers
A newly disclosed NGINX bug, dubbed 'NGINX Rift', is being actively exploited by attackers, with over 5.7 million internet-exposed servers potentially vulnerable. The bug, assigned a CVSS score of 9.2, can cause a crashed worker process and forced restart, and potentially allow code execution in certain configurations. Researchers are seeing active exploitation attempts just days after the CVE was published.