
DigiCert hit by network compromise

Incident
Happening score: 13
2 unique sources, 2 articles

Summary


DigiCert disclosed that a compromise of its support environment in early April exposed initialization codes for approved EV code-signing certificate orders, creating a path for malware-signing abuse and leading to certificate revocations. The intrusion matters because the stolen access was enough to obtain certificates across customer accounts and certificate authorities. DigiCert later revoked 60 code-signing certificates, including 27 linked to Zhong Stealer.

Related Happenings

Sefirah infostealer delivered through a malicious Hugging Face repository

Malware Activity
First: 09.05.2026 17:26 Last: 09.05.2026 17:26 Sources 1

About this happening: A malicious **Hugging Face** repository impersonated **OpenAI’s Privacy Filter** and delivered **sefirah**, a **Rust-based infostealer**, to **Windows** users, creating credential...

Microsoft Defender false-positively flags DigiCert root certificates and removes some from Windows trust store

Security Tool/Service
First: 03.05.2026 21:11 Last: 03.05.2026 21:11 Sources 1

How related: Microsoft Defender is detecting legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, resulting in widespread false-positive alerts, and in some cases, removing certificates from Windows.

About this happening: **Microsoft Defender** began falsely flagging valid **DigiCert root certificates** as **Trojan:Win32/Cerdigent.A!dha**, creating widespread false positives and risking certificate...

Windows Shell spoofing flaw actively exploited (CVE-2026-32202)

Vulnerability
First: 28.04.2026 08:50 Last: 28.04.2026 08:50 Sources 1

About this happening: **Microsoft** updated **Windows Shell** advisory guidance to confirm **CVE-2026-32202** was **actively exploited in the wild**, raising the risk of sensitive-information disclosur...

Lumma Stealer infection of a Context.ai employee

Malware Activity
First: 23.04.2026 11:40 Last: 23.04.2026 11:40 Sources 1

About this happening: A **Context.ai** employee was infected with **Lumma Stealer** in **February 2026**, giving attackers a likely foothold that may have seeded the wider compromise chain affecting **...

Storm-2561 SEO-poisoning VPN credential-theft campaign

Campaign
First: 13.03.2026 15:38 Last: 13.03.2026 15:38 Sources 1

About this happening: The **Storm-2561** group is running a **credential-theft campaign** that uses **SEO poisoning** and fake **VPN clients** to steal **VPN credentials** from people searching for ent...

Timeline

  1. 04.05.2026 15:46 1 article · 23d ago

    DigiCert revokes certificates and hardens support access

    Mitigation Patch Update

    By April 17, DigiCert revoked 60 certificates tied to the support-portal compromise, including 27 explicitly linked to the threat actor and 11 used to sign Zhong Stealer, and canceled pending orders to close attacker access. DigiCert also enforced multi-factor authentication for administrative workflows, blocked access to initialization codes from proxied support users, restricted file types for support chat and Salesforce case attachments, and improved logging.

  2. 03.05.2026 21:11 1 article · 24d ago

    DigiCert hit by network compromise

    Initial Disclosure

    Attackers began by sending DigiCert support staff **malicious ZIP files disguised as screenshots** in **early April**. Repeated blocked attempts were followed by compromise of one support analyst device and then a second system.
