By Dark Reading
Publication Date: 2026-04-09 20:13:00
The leak online of exploit code for an apparent Windows zero-day flaw dubbed “BlueHammer” could be the sign of a larger issue that security researchers face when collaborating with Microsoft on vulnerability disclosure.
Using the alias “Chaotic Eclipse,” a researcher anonymously published a blog post on April 2 that contained a GitHub link for the exploit, expressing annoyance with Microsoft for an insufficient response to its disclosure of the flaw.
“I was not bluffing Microsoft and I’m doing it again,” the researcher wrote in the blog post. A companion post on an X account with the same alias also heralded the release of the exploit with a link to the blog post, claiming at the time of writing, “the vulnerability is still unpatched.”
The researcher also implied that he had an unsatisfactory interaction with Microsoft’s Security Response Center (MSRC) about the disclosure of the flaw, but did not specific exactly what happened. “I’m just really wondering what was the math behind…




