MUST READ

Drupal is rolling out an emergency security update on May 20. You cannot miss it

 | 

Microsoft dismantled malware-signing network Fox Tempest

 | 

Poland shifts away from Signal following cyberattacks on officials’ accounts

 | 

Massive MENA cybercrime Operation Ramz disrupts infrastructure and arrests 201 suspects

 | 

Shai-Hulud worm copycats emerge after source code leak

 | 

Grafana confirms GitHub token breach cybercrime group claims the attack

 | 

ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed

 | 

Public Amazon bucket leaks sensitive guest data from Japanese hotel platform Tabiq

 | 

Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix

 | 

Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97

 | 

Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores

 | 

Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total

 | 

U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog

 | 

OpenAI hit by supply chain attack linked to malicious TanStack packages

 | 

Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K

 | 

CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day

 | 

Ghostwriter group resumes attacks on Ukrainian Government targets

 | 

Researchers uncover YellowKey and GreenPlasma Windows Zero-Days

 | 

malware-signing-as-a-service

Pierluigi Paganini May 19, 2026
Microsoft dismantled malware-signing network Fox Tempest

Microsoft disrupted Fox Tempest, a malware-signing-as-a-service (MSaaS) that allowed attackers to sign malware with fake trusted certificates. Microsoft said it disrupted a cybercrime operation run by a threat actor named Fox Tempest, which helped threat actors sign malware with short-lived certificates to make malicious software appear legitimate. The service abused Microsoft Artifact Signing and supported […]

Pierluigi Paganini November 04, 2015
GovRAT, the malware-signing-as-a-service platform in the underground

Security Experts at InfoArmor discovered GovRAT, a malware-signing-as-a-service platform that is offered to APT groups in the underground. In the past, I have explained why digital certificates are so attractive for crooks and intelligence agencies, one of the most interesting uses is the signature of malware code in order to fool antivirus. Naturally, digital certificates […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Drupal is rolling out an emergency security update on May 20. You cannot miss it

Security / May 19, 2026

Microsoft dismantled malware-signing network Fox Tempest

Cyber Crime / May 19, 2026

Poland shifts away from Signal following cyberattacks on officials’ accounts

Intelligence / May 19, 2026

Massive MENA cybercrime Operation Ramz disrupts infrastructure and arrests 201 suspects

Cyber Crime / May 19, 2026

Shai-Hulud worm copycats emerge after source code leak

Malware / May 19, 2026