Select a theme from the list.
Insights

From our experts

Latest
Microsoft Warns That Overprivileged AI Agents Are Becoming a New Identity RiskDigiCert Intrusion Reveals How Stolen Code-Signing Trust Can Shield MalwareAbbott Investigates Two Cyber Incidents as Extortion Claims Target Diagnostics OperationsSophos Fusion Recasts the Security Platform as an AI-Driven Defense SystemShark Vacuum Cloud Weakness Turns One Device Certificate Into a Regional Master KeyTrusted Meeting Apps Become the Bait in a Multi-Layer Windows Malware CampaignMicrosoft Makes Passkeys the Entra ID Default and Sets a Deadline for Native SMS AuthenticationSonicWall Zero-Days Under Active Attack Demand Immediate SMA1000 PatchingCritical Chrome and Firefox Updates Put Browser Restarts Back on the Security AgendaAsyncAPI Package Breach Turns Trusted Build Pipelines Into a Malware Delivery SystemMicrosoft Expands AI-Led Security Hardening and Sets 2029 Quantum-Safe GoalGlobal CMS Exploitation Wave Plants Webshells on Business WebsitesMicrosoft Warns That Overprivileged AI Agents Are Becoming a New Identity RiskDigiCert Intrusion Reveals How Stolen Code-Signing Trust Can Shield MalwareAbbott Investigates Two Cyber Incidents as Extortion Claims Target Diagnostics OperationsSophos Fusion Recasts the Security Platform as an AI-Driven Defense SystemShark Vacuum Cloud Weakness Turns One Device Certificate Into a Regional Master KeyTrusted Meeting Apps Become the Bait in a Multi-Layer Windows Malware CampaignMicrosoft Makes Passkeys the Entra ID Default and Sets a Deadline for Native SMS AuthenticationSonicWall Zero-Days Under Active Attack Demand Immediate SMA1000 PatchingCritical Chrome and Firefox Updates Put Browser Restarts Back on the Security AgendaAsyncAPI Package Breach Turns Trusted Build Pipelines Into a Malware Delivery SystemMicrosoft Expands AI-Led Security Hardening and Sets 2029 Quantum-Safe GoalGlobal CMS Exploitation Wave Plants Webshells on Business Websites
Security Insight

DigiCert Intrusion Reveals How Stolen Code-Signing Trust Can Shield Malware

DigiCert Intrusion Reveals How Stolen Code-Signing Trust Can Shield Malware
Photo by Tima Miroshnichenko on Pexels

Researchers have linked DigiCert's April 2026 security incident to CylindricalCanine, a subgroup associated with the GoldenEyeDog cybercrime operation. The attackers allegedly compromised support workstations, intercepted certificate initialization codes, and used fraudulently obtained code-signing certificates to make malware appear more trustworthy.

New threat intelligence has connected the April 2026 DigiCert security incident to CylindricalCanine, a subgroup of the GoldenEyeDog cybercrime operation. The incident is significant because the attackers were not merely seeking documents or account credentials. They targeted code-signing certificates, which can give malicious software a misleading appearance of legitimacy.

Support Access Became the Entry Point

The intrusion reportedly began when an attacker contacted DigiCert's support team through a customer chat channel and submitted a ZIP archive disguised as a screenshot. The archive contained a malicious screen-saver executable that compromised two support analyst workstations.

The attackers then abused a support portal feature that allowed authorized analysts to view customer accounts while assisting them. This access exposed initialization codes associated with approved but undelivered extended-validation code-signing certificate orders. Possession of those codes was functionally sufficient to complete certificate retrieval across a limited group of customer accounts.

DigiCert revoked 60 certificates associated with the incident. Researchers said 27 were directly connected to the threat actor and that some were used to sign Zhong Stealer malware. The company subsequently changed its platform to conceal initialization codes from proxied support sessions through both the user interface and API.

Why Signed Malware Is Dangerous

Code signing does not prove that software is harmless. It confirms who signed the file and whether it was altered afterward. However, users, administrators, security products, and application-control systems may place greater trust in properly signed executables. A stolen certificate can therefore help malware bypass warnings or survive initial inspection.

Defensive Priorities

  • Isolate support personnel on hardened, privileged workstations.
  • Block executable attachments and archives in customer-support channels.
  • Require additional approval before certificate initialization or delivery.
  • Monitor certificate transparency and reputation systems for unexpected issuance.
  • Immediately investigate software signed with revoked or suspicious certificates.

I believe certificate authorities and other trust providers must treat support systems as part of their critical security perimeter. Support teams routinely receive files from strangers, yet they may also hold access capable of affecting customer identities and software trust. This combination makes them exceptionally attractive targets. Stronger file isolation, narrowly scoped support permissions, and independent verification of certificate delivery should become standard controls across the industry.

Talk to our team →

Latest

Microsoft Warns That Overprivileged AI Agents Are Becoming a New Identity RiskJul 18, 2026DigiCert Intrusion Reveals How Stolen Code-Signing Trust Can Shield MalwareJul 18, 2026Abbott Investigates Two Cyber Incidents as Extortion Claims Target Diagnostics OperationsJul 18, 2026Sophos Fusion Recasts the Security Platform as an AI-Driven Defense SystemJul 16, 2026Shark Vacuum Cloud Weakness Turns One Device Certificate Into a Regional Master KeyJul 16, 2026Trusted Meeting Apps Become the Bait in a Multi-Layer Windows Malware CampaignJul 16, 2026

Most read

1Global CMS Exploitation Wave Plants Webshells on Business Websites2Microsoft Prepares Windows Customers for a Faster Era of AI-Driven Patching3Sophos Fusion Recasts the Security Platform as an AI-Driven Defense System4Exposed Attack Server Unmasks Three Microsoft 365 Phishing Operations5Laser Attack Exposes an Unpatchable Weakness in Tangem Crypto Wallet Cards6Microsoft Expands AI-Led Security Hardening and Sets 2029 Quantum-Safe Goal