Microsoft retracts legal threats against security researchers after community backlash (opens in new tab)

Microsoft recently faced significant criticism from the cybersecurity community after threatening legal action against a researcher who disclosed a zero-day vulnerability. The researcher, known as Chaotic Eclipse, published an exploit called YellowKey that bypasses BitLocker encryption on Windows 11 using a USB device. Microsoft initially claimed the uncoordinated disclosure bypassed its official reporting policies and tasked its Digital Crimes Unit with investigating the matter. <a href="