GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft
Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine
Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates
A newly identified supply chain attack targeting DAEMON Tools software has compromised its installers to serve a malicious payload, according to findings from Kaspersky
Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization (SEO) fraud and theft of high-value credentials, configuration files, and certificate data. The attacks are designed to target Microsoft Internet Information Services (IIS) servers, with most of the infections reported in India, Thailand
Security researchers say multiple threat groups, including Iran's Charming Kitten APT offshoot Subtle Snail, are deploying malware with code-signing certificates from the Houston-based company.
Hackers Use Stolen Certificates to Bypass Endpoint Detection and ResponseA Russian-speaking ransomware group has been deploying a malicious Windows PE driver that imitates a legitimate CrowdStrike Falcon driver to bypass endpoint security, warn researchers. The driver disables endpoint detection and response software by stripping process protections.
Cybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates
What happens at Black Hat… While trying to escape the Las Vegas heat during Black Hat last month, watchTowr Labs researchers decided to poke around for weaknesses in the WHOIS protocol. They claim to have found a way to undermine certificate authorities, which the world trusts to keep the internet safe by verifying the identity of websites.…
New findings have shed light on what's said to be a lawful attempt to covertly intercept traffic originating from jabber[.]ru (aka xmpp[.]ru), an XMPP-based instant messaging service, via servers hosted on Hetzner and Linode (a subsidiary of Akamai) in Germany
The threat actors behind RedLine and Vidar information stealers have been observed pivoting to ransomware through phishing campaigns that spread initial payloads signed with Extended Validation (EV) code signing certificates
A new phishing campaign has set its sights on European entities to distribute Remcos RAT and Formbook via a malware loader dubbed DBatLoader
Proof of concept exploit code has been released by Akamai researchers for a critical Windows CryptoAPI vulnerability discovered by the NSA and U.K.'s NCSC allowing MD5-collision certificate spoofing. [...]
The security vulnerability allows attackers to spoof a target certificate and masquerade as any website, among other things.
Internet Security Research Group (ISRG), the nonprofit behind Let's Encrypt, says the open certificate authority (CA) has issued its three billionth certificate this year. [...]
A suspected Chinese state-sponsored actor breached a digital certificate authority as well as government and defense agencies located in different countries in Asia as part of an ongoing campaign since at least March 2022