Ammar Askar didn’t wait. One hour after he tipped off a contact at GitHub about a dangerous flaw in Visual Studio Code, he published a full proof-of-concept exploit. The move followed a pattern. Another security researcher, known as Nightmare Eclipse, had already dropped six Windows zero-days in recent weeks. Both acted in open frustration with how Microsoft manages vulnerability reports.
Askar’s bug let attackers steal OAuth tokens with broad access to a victim’s GitHub repositories, public and private alike. It targeted users of github.dev, the browser-based version of VS Code. Attackers could configure a repository to recommend a malicious extension. Then they tricked the victim into opening a specially crafted Jupyter Notebook that ran hidden JavaScript. That code simulated keyboard shortcuts. It accepted extension installation prompts without real user interaction. The extension grabbed the token. Simple. Effective. And now public.
“To summarize the last time I interacted with MSRC regarding reporting a VSCode bug, it was a horrible experience where they silently fixed the bug I pointed out without any credit,” Askar wrote in his detailed blog post. (Ammar’s Blog) “They also marked it as not having any security impact.” He pointed to a recent Star Labs report on a VS Code XSS bug that Microsoft rated as ineligible and low severity. His conclusion was blunt. He would pursue full public disclosure for future VS Code security issues.
The decision carried risk. Askar acknowledged the VS Code team might have preferred more time to craft a fix. “There is legitimately a UI/UX balance here that needs to be struck with the security concerns,” he added. Yet he saw public pressure as one of the few tools left to push for change. Finding these bugs takes real effort. Researchers expect respect, not dismissal.
Escalating Tensions Test Microsoft’s Disclosure Model
Nightmare Eclipse pushed the conflict further. The pseudonymous researcher released multiple Windows flaws, including ones affecting Defender and BitLocker. Some saw quick exploitation in the wild. Microsoft assigned CVEs such as CVE-2026-33825 for BlueHammer, CVE-2026-41091 for RedSun, and others. None had been reported through official channels first, the company said.
In a May 27 blog post, Microsoft drew a firm line. “The details of these vulnerabilities were not shared with Microsoft prior to release, and the disclosures put our customers at unnecessary risk,” the MSRC team wrote. (Microsoft MSRC Blog) The company stressed its work with hundreds of researchers each year through Coordinated Vulnerability Disclosure. That process gives vendors time to patch before proof-of-concept code spreads. It also offers compensation and public credit.
“Uncoordinated disclosures that put proof-of-concept code for unpatched vulnerabilities into the hands of bad actors are never justifiable and have real-world consequences,” the post continued. Microsoft’s Digital Crimes Unit would pursue actors enabling criminal activity, it warned. The language struck many as a direct threat. Backlash followed fast.
Days later, Microsoft walked it back. In a statement shared on X, the company said it had “no intention to pursue action” against individuals conducting or publishing security research. It would still work with law enforcement against those who break the law and cause real harm. The episode exposed deep cracks in trust. (The Record)
Researchers have long complained about inconsistent treatment. Some reports vanish without credit. Others receive low severity ratings that feel disconnected from real attack potential. Askar’s earlier experience fit the pattern. Nightmare Eclipse claimed the company revoked an MSRC account and failed to honor past agreements, even leaving the researcher in difficult personal circumstances. Details remain vague. The sentiment does not.
But the uncoordinated releases carry clear costs. Attackers don’t wait for patches. Three of Nightmare Eclipse’s bugs saw in-the-wild use shortly after publication, according to reports. Enterprises scramble. Microsoft rushes fixes while defending its process. The cycle benefits no one. Or does it? Public pressure sometimes forces faster action than quiet reports.
Microsoft runs active bug bounty programs. It awarded millions through Zero Day Quest in 2026 alone. The company invites submissions through its researcher portal regardless of past interactions. It has shifted language from “responsible disclosure” to “coordinated vulnerability disclosure” to reflect industry norms more accurately. These steps show willingness to adapt. Yet the recent clashes suggest the system still falls short for some skilled hunters.
Askar’s exploit worked because github.dev passes a powerful OAuth token to the browser-based editor. That token isn’t scoped tightly to one repository. Combine that with VS Code’s webview architecture and its handling of keyboard events from inside sandboxed iframes, and the attack becomes one-click. Click a malicious github.dev link pointing to a Jupyter notebook. Hidden HTML and JavaScript fire simulated Ctrl-Shift-A and other shortcuts. The malicious extension installs. The token is exfiltrated. Game over.
He published a full proof-of-concept repository. It included the notebook and extension code. Users who visit it see exactly how the attack unfolds. Askar also explained mitigations. Clear site data for github.dev. Avoid opening suspicious notebook links. The flaw exists in desktop VS Code too, though it requires more social engineering.
So the question lingers. How should vendors and researchers interact when trust erodes? Microsoft emphasizes partnership and shared responsibility. Researchers like Askar and Nightmare Eclipse demand better acknowledgment and faster, more accurate triage. Both sides cite real harm. Customers face increased risk from premature disclosures. Researchers feel their labor gets undervalued or erased.
The incidents arrive at a busy time. Microsoft continues to expand its security bounty programs across Azure, Copilot, and other services. It patches hundreds of vulnerabilities yearly. Yet high-profile public drops highlight gaps in how edge cases and repeat reporters are handled. Nightmare Eclipse has teased more releases, including a Secure Boot bypass. The researcher moved repositories after GitHub, owned by Microsoft, banned the account.
Industry observers watch closely. Coordinated disclosure works when incentives align. When they don’t, researchers vote with their keyboards. They publish. They explain. They force the conversation into the open. Askar ended his post with a timeline and technical depth that invited scrutiny and learning. That transparency carries value even as it creates short-term danger.
Microsoft has engaged after the backlash. It acknowledges some past interactions fell short. The company says it cannot confirm specific account deactivations but does not remove MSRC accounts as policy. New dialogue opportunities may emerge. Whether they satisfy frustrated hunters remains uncertain. The latest leaks show the pressure continues to build.
Security teams should review github.dev usage now. Clear cached data. Train users against suspicious notebook links. Watch for follow-on attacks using similar webview bypass techniques. Longer term, vendors must examine how they score and credit reports that challenge core product assumptions. Researchers must weigh the damage their disclosures cause against the change they seek. The balance is delicate. It always has been. Recent events make it harder to ignore.
WebProNews is an iEntry Publication