{"uuid": "e59702f4-a5ce-49b3-a1b3-a231c8da3f00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-24084", "type": "seen", "source": "https://infosec.exchange/users/briankrebs/statuses/116661298779426573", "content": "RE: https://c.im/@cdarwin/116660769695837565\nOne reason that Microsoft might be issuing such harshly worded language here to describe the researcher may be that, according to Nightmare Eclipse, they until recently worked as a security researcher at Microsoft.\nScroll back far enough through their Xitter account (to June 2020) and you will see they claimed CVE-2019-1385 was theirs. \nOn July 1, 2021, Nightmare Eclipse complained that Microsoft failed to fix one of the weaknesses they reported in CVE-2021-24084. Microsoft credits both of these flaws to the same researcher, whose LinkedIn account says they are in Germany and worked full time at Microsoft from Sept. 2022 to June 2025. \nFor the record, I think @GossiTheDog called it that this person was a former MS employee.\nhttps://x.com/ChaoticEclipse0/with_replies", "creation_timestamp": "2026-05-30T03:03:07.387540Z"}