Stay updated on certificate-related infosec topics, including SSL/TLS, PKI, and digital certificate management for robust cyber security.
Search across headline titles and summaries.
Background for this topic.
Certificates form a part of the Public Key Infrastructure (PKI), which is a framework for managing encryption keys and identity verification. They are issued by trusted entities known as Certificate Authorities (CAs) that verify the certificate applicant's credentials before issuance. Once issued, a certificate binds a public key to an entity, allowing others to rely upon signatures or assertions made by the private key that corresponds to the certified public key.
In practice, certificates secure connections by enabling Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols, commonly noted by the 'https' and lock symbol in web browser address bars. This secures data transmission against eavesdroppers and ensures users are communicating with the legitimate owner of the website. Certificates also play a vital role in email encryption, code signing, secure remote access, and various other aspects of information security to ensure data integrity and trustworthiness in digital communications.
Weekly headline count for the current query.
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates
Microsoft and Resecurity disrupted Fox Tempest, a malware-signing service that used fake Microsoft certificates to make malware look legitimate. Resecurity supported Microsoft’s Digital Crimes Unit (DCU) in its disruption of Fox Tempest, a financially motivated threat actor operating a malware-signing-as-a-service (MSaaS) capability used by cybercriminals to make malicious files appear legitimate. On May 19, 2026, […]
Microsoft says it has disrupted a malware-signing-as-a-service (MSaaS) operation that abused the company's Artifact Signing service to generate fraudulent code-signing certificates used by ransomware gangs and other cybercriminals. [...]
OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for its applications as a precaution. [...]
A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky
Microsoft Defender is detecting legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, resulting in widespread false-positive alerts, and in some cases, removing certificates from Windows. [...]
The Secure Boot refresh is one of the largest coordinated security maintenance efforts across the Windows ecosystem, Microsoft said. In other words, update those PCs soon.
Cisco has released security updates to patch four critical vulnerabilities, including a fixed improper certificate validation flaw in the company's cloud-based Webex Services platform that requires further customer action. [...]
Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service
A critical vulnerability in the wolfSSL SSL/TLS library can weaken security via improper verification of the hash algorithm or its size when checking Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. [...]
Google Sites lure leads to bogus root certificate Imagine getting asked to do something by a person in authority. An unknown malware slinger targeting open source software developers via Slack impersonated a real Linux Foundation official and used pages hosted on Google.com to steal developers' credentials and take over their systems.…
OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. [...]
OpenAI revealed a GitHub Actions workflow used to sign its macOS apps led to the download of the malicious Axios library on March 31, but noted that no user data or internal system was compromised
Proponents Favor Performance Tests Over CertsThe U.S. Department of Defense is for the first time piloting new skills-based assessments for its cyber hiring as an alternative to checking paper qualifications. Many certificates, officials say, don't reflect the skills their cyber teams need in the real world.
Major providers are testing a quantum-safe version of HTTPS that shrinks certificates to one-tenth their previous size, decreasing latency and adding transparency.
A Florida woman was sentenced to 22 months in prison for running a massive years-long scheme to traffic thousands of stolen Microsoft Certificate of Authenticity (COA) labels. [...]
Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers
Google Chrome initiates quantum-resistant measures via Merkle Tree Certificates to secure HTTPS