Fake malware-signing service Fox Tempest dismantled by Microsoft

Microsoft says it dismantled a malware-signing-as-a-service MSaaS called Fox Tempest, which helped cybercriminals make malware appear legitimate. The service let customers submit malicious files to be digitally signed with short-lived Microsoft-issued certificates, making the malware look...

Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks

Microsoft on Tuesday said it disrupted a malware-signing-as-a-service MSaaS operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world. The tech giant attribut...

Exposing Fox Tempest: A malware-signing service operation

In this article 1. Fox Tempest’s role and impact 2. Fox Tempest’s malware signing as a service infrastructure 3. Defending against Fox Tempest-enabled attacks 4. Microsoft Defender detections 5. Indicators of compromise Fox Tempest is a financially motivated threat actor that operates a...

Microsoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware Campaign

Microsoft on Thursday disclosed that it revoked more than 200 certificates used by a threat actor it tracks as Vanilla Tempest to fraudulently sign malicious binaries in ransomware attacks. The certificates were "used in fake Teams setup files to deliver the Oyster backdoor and ultimately deploy...

Malicious code in tempest-dcc0g-betnw-jewel-project (npm)

The package tempest-dcc0g-betnw-jewel-project was found to contain malicious code...

MAL-2025-34686 Malicious code in tempest-uo69v-qz61a-cascade-project (npm)

The package tempest-uo69v-qz61a-cascade-project was found to contain malicious code...

MAL-2025-34680 Malicious code in tempest-3num5-ifpr1-dawn-project (npm)

The package tempest-3num5-ifpr1-dawn-project was found to contain malicious code...

MAL-2025-40581 Malicious code in yonder-duuey-51lci-tempest-project (npm)

The package yonder-duuey-51lci-tempest-project was found to contain malicious code...

Malicious code in tempest_6lvd4_15jqt_noir (npm)

The package tempest6lvd415jqtnoir was found to contain malicious code...

MAL-2025-34682 Malicious code in tempest-7fck6-1xs7v-cascade-project (npm)

The package tempest-7fck6-1xs7v-cascade-project was found to contain malicious code...

Malicious code in tempest-7fck6-1xs7v-cascade-project (npm)

The package tempest-7fck6-1xs7v-cascade-project was found to contain malicious code...

MAL-2025-34679 Malicious code in tempest-1is1n-106o0-whisper-project (npm)

The package tempest-1is1n-106o0-whisper-project was found to contain malicious code...

MAL-2025-34684 Malicious code in tempest-d2eyb-i60bs-violet-project (npm)

The package tempest-d2eyb-i60bs-violet-project was found to contain malicious code...

MAL-2025-34681 Malicious code in tempest-6g81m-mmcv2-tide-project (npm)

The package tempest-6g81m-mmcv2-tide-project was found to contain malicious code...

Malicious code in tempest_brueb_svp49_giraffe (npm)

The package tempestbruebsvp49giraffe was found to contain malicious code...

MAL-2025-16025 Malicious code in boulder-rreq7-kekff-tempest-project (npm)

The package boulder-rreq7-kekff-tempest-project was found to contain malicious code...

MAL-2025-34691 Malicious code in tempest_o6c6p_it45d_nymph (npm)

The package tempesto6c6pit45dnymph was found to contain malicious code...

MAL-2025-24541 Malicious code in kismet-7lvgb-9jpwm-tempest-project (npm)

The package kismet-7lvgb-9jpwm-tempest-project was found to contain malicious code...

Malicious code in tempest-6g81m-mmcv2-tide-project (npm)

The package tempest-6g81m-mmcv2-tide-project was found to contain malicious code...

Malicious code in tempest-uo69v-qz61a-cascade-project (npm)

The package tempest-uo69v-qz61a-cascade-project was found to contain malicious code...