Bleeping Computer

GitHub revokes code signing certificates stolen in repo hack

GitHub says unknown attackers have stolen encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning repositories.
Windows Report

Windows “Cerdigent” Threat Warnings Spread, But Many May Be False Positives

Microsoft Defender “Cerdigent” alerts may stem from DigiCert certificate abuse, not active malware infections.
Computer Weekly

GitHub warns Desktop, Atom users after code-signing certificates pinched

GitHub has issued an urgent warning to users of its Desktop for Mac and Atom text editor applications after an unauthorised actor broke into its systems and stole two encrypted DigiCert code-signing ...
InfoWorld

How to code sign binaries on Windows

Whether you create your own code-signing certificate, or use a certificate from a certificate authority, it’s easy to give your Windows binaries the seal of approval. If you compile programs on ...
Threat Post

NVIDIA’s Stolen Code-Signing Certs Used to Sign Malware

NVIDIA certificates are being used to sign malware, enabling malicious programs to pose as legitimate and slide past security safeguards on Windows machines. Two of NVIDIA’s code-signing certificates ...

Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha

Microsoft Defender is detecting legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, resulting in ...
Ars Technica

GitHub says hackers cloned code-signing certificates in breached repository

GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing ...