Following New CA/B Forum Vote, Businesses Must Prepare for Two Significant Certificate Lifecycle Reductions in March

On October 14(th) , 2025, the CA/B Forum, which establishes standards within the certificate industry, voted to reduce the lifetime of Code Signing Certificates from 39 months to 460 days. The changes ...
Bleeping Computer

Hackers use VPN provider's code certificate to sign malware

The China-aligned APT (advanced persistent threat) group known as 'Bronze Starlight' was seen targeting the Southeast Asian gambling industry with malware signed using a valid certificate used by the ...
Bleeping Computer

Logitech Options+, G HUB macOS apps break after certificate expires

Logitech’s Options+ and G Hub apps on macOS stopped working after their code-signing certificate expired, leaving users unable to launch them on Apple systems. Options+ is Logitech’s input device ...
Threat Post

Flame Attackers Used Collision Attack to Forge Microsoft Certificate

The attackers behind the Flame malware used a collision attack against a cryptographic algorithm as part of the method for gaining a forged certificate to sign specific components of the attack tool.
Wired

Flame Hijacks Microsoft Update to Spread Malware Disguised As Legit Code

It's a scenario security researchers have long worried about, a man-in-the-middle attack that allows someone to impersonate Microsoft Update to deliver malware -- disguised as legitimate Microsoft ...