4 matches found
Hackers Trick DigiCert Into Issuing Certificates Used to Sign Malware
DigiCert revokes 60 code signing certificates after hackers used a malicious support chat attachment to sign the Zhong Stealer malware...
PT-2025-52860
Name of the Vulnerable Software and Affected Versions continuwuity versions prior to 0.5.0 Description A remote, unauthenticated attacker can force the target server to cryptographically sign arbitrary membership events. This occurs because the server does not validate the origin of a signing...
CVE-2020-9049
A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid...
Survey of Supply Chain Attacks
The Atlantic Council has a released a report that looks at the history of computer supply chain attacks. Key trends from their summary: 1. Deep Impact from State Actors: There were at least 27 different state attacks against the software supply chain including from Russia, China, North Korea, and...