"I have proof for every single word": This security researcher's GitHub and Microsoft accounts were deleted after claiming a Windows 11 exploit in BitLocker is by design

Windows Central technology

Key Points:

  • Security researcher "Chaotic Eclipse" disclosed a zero-day exploit called YellowKey that bypasses BitLocker protection on Windows 11 and Server 2022/2025 using a USB key, a vulnerability not present in Windows 10.
  • Microsoft acknowledged the vulnerability, tracking it as CVE-2026-45585, and issued mitigation guidance, while criticizing the public release of the exploit's proof of concept as a breach of coordinated vulnerability disclosure norms.
  • Following the disclosure, Microsoft's actions included banning Eclipse's GitHub account and deleting their Microsoft account used for bug reporting, which Eclipse condemned as vindictive and humiliating.
  • The conflict appears rooted in Eclipse's claims of unpaid bounties from Microsoft's Security Response Center program despite multiple zero-day discoveries, leading to escalating tensions and threats of further disclosures or actions against Microsoft on July 14.
  • Microsoft has not publicly responded to Eclipse's allegations of mistreatment and unpaid rewards, leaving both the legitimacy of Eclipse's claims and the future course of this dispute uncertain.
