Morning Overview on MSN

The TanStack supply chain attack hit OpenAI — hackers reached two employee devices and forced the company to rotate all its code-signing certificates

When OpenAI engineers discovered that a poisoned update to a widely used JavaScript library had executed on two corporate laptops, the company’s security team faced a decision that no software ...
Bleeping Computer

Malware now using NVIDIA's stolen code signing certificates

Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows. This week, NVIDIA confirmed that they ...
Ars Technica

In blunder threatening Windows users, D-Link publishes code-signing key

[url=http://arstechnica.com/civis/viewtopic.php?p=29776313#p29776313:2vcsi9o2 said: smartbucket[/url]":2vcsi9o2] He said the key is accepted by Microsoft Windows code ...
Threat Post

NVIDIA’s Stolen Code-Signing Certs Used to Sign Malware

NVIDIA certificates are being used to sign malware, enabling malicious programs to pose as legitimate and slide past security safeguards on Windows machines. Two of NVIDIA’s code-signing certificates ...
Bleeping Computer

Hackers exploit Windows policy to load malicious kernel drivers

Microsoft blocked code signing certificates predominantly used by Chinese hackers and developers to sign and load malicious kernel mode drivers on breached systems by exploiting a Windows policy ...
CSOonline

Nvidia hackers release code-signing certificates that malware can abuse

The hacker group that recently broke into systems belonging to graphics chip maker Nvidia has released two of the company’s old code-signing certificates. Researchers warn the drivers could be used to ...