Mastodon Feed
Boosted by soatok@furry.engineer ("Soatok Dreamseeker"):
hrbrmstr ("hrbrmstr πΊπ¦ π¬π± π¨π¦") wrote:
DigiCert β a certificate authority, the entity you're trusting to anchor your entire chain of trust β got compromised because a support analyst opened a .scr file from a chat session. In 2026. CrowdStrike was misconfigured on one endpoint and completely absent on another. Nobody noticed the second compromise for 10 days. The attacker grabbed EV code signing initialization codes and walked out with 60 certificates. Zhong Stealer, signed and shipped. (2/5)