NVIDIA certificates are being used to sign malware, enabling malicious programs to pose as legitimate and slide past security safeguards on Windows machines. Two of NVIDIA’s code-signing certificates ...

The China-aligned APT (advanced persistent threat) group known as 'Bronze Starlight' was seen targeting the Southeast Asian gambling industry with malware signed using a valid certificate used by the ...

GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing ...

Whether you create your own code-signing certificate, or use a certificate from a certificate authority, it’s easy to give your Windows binaries the seal of approval. If you compile programs on ...

Windows, antivirus engines, and enterprise security tools all expect executables to be digitally signed. Previously, developers purchased an EV Code Signing Certificate, stored it on a USB token or ...

Cybercriminals are abusing Microsoft's Trusted Signing platform to code-sign malware executables with short-lived three-day certificates. Threat actors have long sought after code-signing certificates ...

Code-signing certificates are supposed to help authenticate the identity of software publishers, and provide cryptographic assurance that a signed piece of software has not been altered or tampered ...

On October 14th, 2025, the CA/B Forum, which establishes standards within the certificate industry, voted to reduce the lifetime of Code Signing Certificates from 39 months to 460 days. The changes ...