Security news aggregator

Latest coverage for Certificates

Stay updated on certificate-related infosec topics, including SSL/TLS, PKI, and digital certificate management for robust cyber security.

48 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Digital certificates are electronic documents that verify the ownership of a public cryptographic key by an individual, organization, or device. Issued by trusted Certificate Authorities (CAs) within a Public Key Infrastructure (PKI), certificates enable secure communication by confirming identities and supporting encryption protocols like TLS. They include information such as the subject’s name, public key, issuer, validity period, and digital signature from the CA.

Security concerns with certificates focus on risks like CA compromise or fraudulent issuance, which can allow attackers to impersonate legitimate entities and intercept or alter encrypted traffic. Expired or revoked certificates may cause connection failures or be exploited if clients do not properly validate them. Effective certificate lifecycle management—including timely renewal, revocation checking (via CRLs or OCSP), and monitoring for unauthorized certificates—is essential to maintaining trust and preventing man-in-the-middle attacks or unauthorized access.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 48 Filtered view

Cloudflare has addressed a security vulnerability impacting its Automatic Certificate Management Environment (ACME) validation logic that made it possible to bypass security controls and access origin servers.  "The vulnerability was rooted in how our edge network processed requests destined for the ACME HTTP-01 challenge path (/.well-known/acme-challenge/*)," the web infrastructure

Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization (SEO) fraud and theft of high-value credentials, configuration files, and certificate data.  The attacks are designed to target Microsoft Internet Information Services (IIS) servers, with most of the infections reported in India, Thailand

The Russian nation-state threat actor known as Secret Blizzard has been observed orchestrating a new cyber espionage campaign targeting foreign embassies located in Moscow by means of an adversary-in-the-middle (AitM) attack at the Internet Service Provider (ISP) level and delivering a custom malware dubbed ApolloShadow

Google has revealed that it will no longer trust digital certificates issued by Chunghwa Telecom and Netlock citing "patterns of concerning behavior observed over the past year." The changes are expected to be introduced in Chrome 139, which is scheduled for public release in early August 2025. The current major version is 137.  The update will affect all Transport Layer Security (TLS)

Loading more headlines...