Whether you create your own code-signing certificate, or use a certificate from a certificate authority, it’s easy to give your Windows binaries the seal of approval. If you compile programs on ...

GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing ...

Windows, antivirus engines, and enterprise security tools all expect executables to be digitally signed. Previously, developers purchased an EV Code Signing Certificate, stored it on a USB token or ...

The China-aligned APT (advanced persistent threat) group known as 'Bronze Starlight' was seen targeting the Southeast Asian gambling industry with malware signed using a valid certificate used by the ...

One of the breakthroughs of the Stuxnet worm that targeted Iran’s nuclear program was its use of legitimate digital certificates, which cryptographically vouched for the trustworthiness of the ...

Cybercriminals are abusing Microsoft's Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. Threat actors have long sought after code-signing certificates ...

NVIDIA certificates are being used to sign malware, enabling malicious programs to pose as legitimate and slide past security safeguards on Windows machines. Two of NVIDIA’s code-signing certificates ...

The attackers behind the Flame malware used a collision attack against a cryptographic algorithm as part of the method for gaining a forged certificate to sign specific components of the attack tool.

On October 14th, 2025, the CA/B Forum, which establishes standards within the certificate industry, voted to reduce the lifetime of Code Signing Certificates from 39 months to 460 days. The changes ...