Bleeping Computer

GitHub revokes code signing certificates stolen in repo hack

GitHub says unknown attackers have stolen encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning repositories.
SecurityWeek

DigiCert Revokes Certificates After Support Portal Hack

DigiCert revoked certificates that hackers obtained through its internal support portal as part of a social engineering ...

Microsoft Defender Bug Triggers False Malware Alerts for DigiCert Certificates

Microsoft fixed a Defender false positive that flagged legitimate DigiCert certificates as malware, disrupting Windows trust ...
Ars Technica

Code signing certs, why are they still such a pain?

I have an open source project that requires code signing to be of much use. With Startcom finally being removed from Windows's trusted CAs, I am having to buy another code signing cert. Why is the ...
Bleeping Computer

Latest Code-signing news

Microsoft Defender is detecting legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, resulting in widespread false-positive alerts, and in some ...
Threat Post

NVIDIA’s Stolen Code-Signing Certs Used to Sign Malware

NVIDIA certificates are being used to sign malware, enabling malicious programs to pose as legitimate and slide past security safeguards on Windows machines. Two of NVIDIA’s code-signing certificates ...
Redmond Magazine

CAs To Apply Microsoft's New Digital Cert Code-Signing Requirements

Microsoft for the first time will require certificate authorities to institute minimum requirements for how digital certificates tied to Windows-based executables and scripts are verified. The move is ...
Purdue University

InCommon Certificate Service

Purdue is a member of the InCommon Federation. The InCommon Federation provides unlimited certificates via their InCommon Certificate Service to its member institutions for a single price. Server and ...