Hackers Trick DigiCert Into Issuing Certificates Used to Sign Malware

Hackread – Cybersecurity News, Data Breaches, AI and More
Actively Exploited

Overview

Hackers tricked DigiCert into issuing 60 code signing certificates that were then used to sign the Zhong Stealer malware. The attackers delivered a malicious attachment through a support chat, which allowed them to get past the certificate authority's issuance checks. In response, DigiCert has revoked the compromised certificates to prevent further misuse. The incident raises significant concerns about the security of certificate authority issuance processes: malware signed with a validly issued certificate appears legitimate and can mislead users and organizations into trusting it. It underlines the need for tighter controls in the issuance of digital certificates, which play a crucial role in establishing trust online.

Key Takeaways

  • Active Exploitation: The fraudulently issued certificates are being actively used by attackers. Immediate action is recommended.
  • Affected Systems: DigiCert code signing certificates (abused to sign the Zhong Stealer malware)
  • Action Required: Revocation of compromised certificates.
  • Timeline: Newly disclosed

Original Article Summary

DigiCert revokes 60 code signing certificates after hackers used a malicious support chat attachment to sign the Zhong Stealer malware.

Impact

DigiCert code signing certificates (abused to sign the Zhong Stealer malware)

Exploitation Status

This abuse is confirmed to have occurred in real-world attacks: the fraudulently issued certificates were used to sign malware. Organizations should prioritize applying the remediation below immediately.

Timeline

Newly disclosed

Remediation

Revocation of compromised certificates

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Related Coverage

New ‘Dirty Frag’ Linux Vulnerability Possibly Exploited in Attacks

SecurityWeek

A new Linux vulnerability, referred to as 'Dirty Frag' and tracked as CVE-2026-43284 and CVE-2026-43500, has been disclosed, raising concerns among security researchers and system administrators. It could allow attackers to manipulate memory and potentially execute arbitrary code, impacting a wide range of Linux distributions. The vulnerability was made public before a patch was available, which increases the risk of exploitation by malicious actors. Users of affected systems need to be vigilant, as this vulnerability may already be utilized in attacks. Organizations should stay updated and apply patches as soon as they are released to mitigate potential risks.

May 11, 2026

Two US Men Jailed for Helping North Korean Hackers Infiltrate US Firms

Hackread – Cybersecurity News, Data Breaches, AI and More

Matthew Knoot and Erick Prince have been sentenced to 18 months in prison for their roles in facilitating North Korean hackers' access to U.S. companies. The pair assisted these hackers by setting up remote laptop farms, which allowed the attackers to infiltrate various firms. This incident raises significant concerns about the vulnerabilities of U.S. businesses to foreign cyber threats. By collaborating with North Korean hackers, Knoot and Prince not only broke the law but also jeopardized the security of sensitive information in the U.S. economy. Their actions serve as a reminder of the ongoing risks posed by state-sponsored cybercrime and the need for robust security measures to protect against such infiltrations.

May 10, 2026

Security Affairs newsletter Round 576 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

The Security Affairs newsletter has issued its latest edition, which includes a focus on the Quasar Linux RAT (QLNX), a fileless Linux implant designed for stealth and persistence. This malware allows attackers to remotely access and control infected systems without leaving traditional traces, making detection difficult. The article emphasizes the importance of awareness around such threats, as they can compromise sensitive data and disrupt operations for individuals and organizations using Linux systems. Users and administrators are urged to implement strong security measures to defend against these types of attacks.

May 10, 2026

Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence

Security Affairs

Researchers have discovered a new piece of malware called Quasar Linux RAT (QLNX), which is specifically designed to target developers and DevOps environments. This remote access tool (RAT) can steal sensitive information such as credentials, log keystrokes, and monitor clipboard activity. It also allows attackers to manipulate files and create network tunnels for ongoing access. The stealthy nature of QLNX makes it particularly concerning, as it can operate without leaving traditional traces on the system. This incident highlights the risks developers face and emphasizes the importance of securing development environments against such targeted attacks.

May 9, 2026

Canvas, Shai-Hulud, QuasarRat, 0Days, Anthropic, Aaran Leyland, and EU Compliance! - SWN #579

SCM feed for Latest

The article discusses several cybersecurity topics, including new vulnerabilities and incidents. Notably, it mentions a zero-day exploit affecting Canvas, a learning management system used by educational institutions; this vulnerability could allow attackers to execute unauthorized code, putting sensitive student data at risk. It also highlights the QuasarRat malware, which has been observed in the wild targeting various systems, and touches on compliance issues faced by companies such as Anthropic regarding EU regulations, which can affect their operations. Overall, these developments serve as a reminder for organizations to stay vigilant and update their security measures regularly to protect against evolving threats.

May 8, 2026

Fake macOS Troubleshooting Sites Used to Steal iCloud Data in ClickFix Scam

Hackread – Cybersecurity News, Data Breaches, AI and More

Microsoft researchers have identified a new scam called ClickFix that targets macOS users. Attackers are creating fake troubleshooting guides on platforms like Medium and Craft, tricking users into executing Terminal commands that deploy malicious software known as AMOS and SHub Stealer. This malware is designed to steal iCloud data, which can lead to significant personal and financial loss for affected users. The campaign highlights the need for vigilance among macOS users, as these deceptive tactics can easily lure unsuspecting individuals into compromising their personal information. Awareness and skepticism towards unsolicited troubleshooting advice are crucial in protecting one's digital assets.

May 8, 2026