Bleeping Computer

GitHub revokes code signing certificates stolen in repo hack

GitHub says unknown attackers have stolen encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning repositories.
Computer Weekly

GitHub warns Desktop, Atom users after code-signing certificates pinched

GitHub has issued an urgent warning to users of its Desktop for Mac and Atom text editor applications after an unauthorised actor broke into its systems and stole two encrypted DigiCert code-signing ...
Ars Technica

GitHub says hackers cloned code-signing certificates in breached repository

GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing ...
MacRumors

PSA: Apple is Updating Old Apps With Latest Signing Certificate Ahead of iOS 14.5

Users may notice that a number of very old apps are receiving new App Store updates. Instead of fixing bugs or adding new features, the updates are occurring because Apple is updating developers' apps ...
Bleeping Computer

Latest Code-signing news

Microsoft Defender is detecting legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, resulting in widespread false-positive alerts, and in some ...
Infosecurity-magazine.com

Code Signing: How to Respond to the Hidden Threat

How do you know the code you’re using can be trusted? It’s a very important question – organizations and developers need to know code is genuine and hasn’t been tampered with, or they could risk ...