GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft
Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine
Google Sites lure leads to bogus root certificate Imagine getting asked to do something by a person in authority. An unknown malware slinger targeting open source software developers via Slack impersonated a real Linux Foundation official and used pages hosted on Google.com to steal developers' credentials and take over their systems.…
A Florida woman was sentenced to 22 months in prison for running a massive years-long scheme to traffic thousands of stolen Microsoft Certificate of Authenticity (COA) labels. [...]
Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization (SEO) fraud and theft of high-value credentials, configuration files, and certificate data. The attacks are designed to target Microsoft Internet Information Services (IIS) servers, with most of the infections reported in India, Thailand
Hackers Use Stolen Certificates to Bypass Endpoint Detection and ResponseA Russian-speaking ransomware group has been deploying a malicious Windows PE driver that imitates a legitimate CrowdStrike Falcon driver to bypass endpoint security, warn researchers. The driver disables endpoint detection and response software by stripping process protections.
The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a bring your own vulnerable driver (BYOVD) attack designed to disable anti-malware tools
Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates
Cybercriminal Group Claims to Have Published 100 Gigabytes of Agency's Stolen DataTwo months after RansomHub claimed to have published 100GBs of its stolen data on the dark web, the Florida Department of Health is notifying citizens that their sensitive information has been compromised. The attack affected the vital statistics system used to issue birth and death certificates.
A Kentucky man used stolen doctor credentials to fake his own death certificate to avoid paying a six-figure child support debt.
In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method.
Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered with. Both of these qualities make stolen or ill-gotten code-signing certificates attractive to cybercriminal groups, who prize their ability to add stealth and longevity to malicious software. This post is a deep dive on "Megatraffer," a veteran Russian hacker who has practically cornered the underground market for malware focused code-signing certificates since 2015.
Revoking these certificates will invalidate some versions of GitHub Desktop for Mac and Atom
There was a breach, so the bad news isn't great, but the good news isn't too bad...
GitHub says that unknown attackers have stolen encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning repositories. [...]
OEMs including Samsung, LG and Mediatek named and shamed Compromised Android platform certificate keys from device makers including Samsung, LG and Mediatek are being used to sign malware and deploy spyware, among other software nasties.…
Telecommunications and IT service providers in the Middle East and Asia are being targeted by a previously undocumented Chinese-speaking threat group dubbed WIP19
The group is characterized by the use of a stolen digital certificate issued by DEEPSoft
Nvidia certificates are being used to sign malware, enabling malicious programs to pose as legitimate and slide past security safeguards on Windows machines.
Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows. [...]
70k staff email addresses and NTLM password hashes also dumped online An Nvidia code-signing certificate was among the mountain of files stolen and leaked online by criminals who ransacked the GPU giant's internal systems.…